Re: where are sign.sh and openssl.conf ?
Hi. No John, please don't delete RH's /etc/bi/openssl from the default install. RH did something "weird", there are dependencies there and they look for RH's version of openssl. The best you can hope for is to install a parallel version of OpenSSL. I brought this up with Simon a few emails ago but he uses Suse John Turner wrote: > > Reason #942 not to just take "defaults" when installing Red Hat Linux. > You're better off deleting all of their "auto" crap and then installing > what you need from scratch. At least then you know exactly where > everything is. > > John > > [EMAIL PROTECTED] wrote: > > > Hi. > > Unbelievable, I searched all the servers for openssl.conf and found > > nothing. Some of these are stock standard default installatio sraight > > from the distro CDs from RH. > > I am going to install OpenSSL from sratch this weekend and ditch RH's > > distro copy. > > find /usr openssl.conf -type f > > find /usr -name openssl.conf > > etc... > > Nope. > > I mean, when you configure these things, the sey parametric values have > > to go somewhere, right ? > > That does it, download, compile, install OpenSSL this weekend. Ouch! > > > > > > > > Simon Pabst wrote: > > > >>I don't know about Redhat's openssl installation, > >>but propably it spreads over several directories. > >> > >>However there should be an openssl.conf somewhere, > >>maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf > >> > >>If you can't find it, this might help: > >>find /etc -name openssl.conf > >>or > >>find /usr -name openssl.conf > >> > >>Installing openssl from source would also help getting a > >>clean (and more secure) openssl installation with everything in one directory. > >> > >>And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to > >>do with each other. > >>In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put > >>that into conf/ssl.conf. > >> > >>At 19:22 25.07.2003 +1000, you wrote: > >> > >>>Hi. > >>>Thanks, I got EngelSchall's sign.sh. I am going through exactly those > >>>doco as we "speak", I think the problem with the documentation is that > >>>they refer to dfferent versions than mine. > >>>On my default RH7.1 Linux installation, I do not have /usr/local/ssl or > >>>/etc/ssl/openssl.conf, yet it comes well equipped with > >>>/etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. > >>>On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf > >>>which doesn't look like the instructions on the documentation. I am so > >>>confused, I need a beer. > >>>S, I won't be finishing the task this week. > >>> > >>> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where are sign.sh and openssl.conf ?
Reason #942 not to just take "defaults" when installing Red Hat Linux. You're better off deleting all of their "auto" crap and then installing what you need from scratch. At least then you know exactly where everything is. John [EMAIL PROTECTED] wrote: Hi. Unbelievable, I searched all the servers for openssl.conf and found nothing. Some of these are stock standard default installatio sraight from the distro CDs from RH. I am going to install OpenSSL from sratch this weekend and ditch RH's distro copy. find /usr openssl.conf -type f find /usr -name openssl.conf etc... Nope. I mean, when you configure these things, the sey parametric values have to go somewhere, right ? That does it, download, compile, install OpenSSL this weekend. Ouch! Simon Pabst wrote: I don't know about Redhat's openssl installation, but propably it spreads over several directories. However there should be an openssl.conf somewhere, maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf If you can't find it, this might help: find /etc -name openssl.conf or find /usr -name openssl.conf Installing openssl from source would also help getting a clean (and more secure) openssl installation with everything in one directory. And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to do with each other. In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put that into conf/ssl.conf. At 19:22 25.07.2003 +1000, you wrote: Hi. Thanks, I got EngelSchall's sign.sh. I am going through exactly those doco as we "speak", I think the problem with the documentation is that they refer to dfferent versions than mine. On my default RH7.1 Linux installation, I do not have /usr/local/ssl or /etc/ssl/openssl.conf, yet it comes well equipped with /etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf which doesn't look like the instructions on the documentation. I am so confused, I need a beer. S, I won't be finishing the task this week. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where are sign.sh and openssl.conf ?
Ah you got me confused myself there a bit, just looked it up on my SuSE 8.1, its openssl.cnf not .conf And if openssl is installed (and it must be, since Apache successfully compiled with ssl) it must be somewhere. However doing a clean install of openssl is still the best way to do it, since Redhat rpm's are propably not up to date. At 20:22 25.07.2003 +1000, you wrote: Hi. Unbelievable, I searched all the servers for openssl.conf and found nothing. Some of these are stock standard default installatio sraight from the distro CDs from RH. I am going to install OpenSSL from sratch this weekend and ditch RH's distro copy. find /usr openssl.conf -type f find /usr -name openssl.conf etc... Nope. I mean, when you configure these things, the sey parametric values have to go somewhere, right ? That does it, download, compile, install OpenSSL this weekend. Ouch! Simon Pabst wrote: > > I don't know about Redhat's openssl installation, > but propably it spreads over several directories. > > However there should be an openssl.conf somewhere, > maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf > > If you can't find it, this might help: > find /etc -name openssl.conf > or > find /usr -name openssl.conf > > Installing openssl from source would also help getting a > clean (and more secure) openssl installation with everything in one directory. > > And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to > do with each other. > In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put > that into conf/ssl.conf. > > At 19:22 25.07.2003 +1000, you wrote: > >Hi. > >Thanks, I got EngelSchall's sign.sh. I am going through exactly those > >doco as we "speak", I think the problem with the documentation is that > >they refer to dfferent versions than mine. > >On my default RH7.1 Linux installation, I do not have /usr/local/ssl or > >/etc/ssl/openssl.conf, yet it comes well equipped with > >/etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. > >On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf > >which doesn't look like the instructions on the documentation. I am so > >confused, I need a beer. > >S, I won't be finishing the task this week. > > > > > >Simon Pabst wrote: > > > > > > A good HOWTO about Certificate Management and creating your own CA > > > is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html > > > > > > Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html > > > (not so detailed, but not that good either) > > > > > > At 15:28 25.07.2003 +1000, you wrote: > > > >Hi! > > > >I am going throug a couple of books (O'Reilly OpenSSL" and SAM "Maxum > > > >Apache Security") and HOWTOs, I haven't come across instructions to set > > > >up a CA yet. Can you please oint me in the right direction ? > > > >TIA :( > > > > > > > >Bill Barker wrote: > > > > > > > > > > It seems that it is only distributed with the Apache-1.3.x version of > > > > > mod_ssl. > > > > > > > > > > In my experience, it is usually worth the trouble in the long run > > to do a > > > > > full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to > > > > > issue your own certs. > > > > > > > > > > <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > > > > Hi. > > > > > > The HOWTO instructions on > > > > > > http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a > > > > > > "sign.sh" script for signing server.csr. It is supposed to be > > > > > > distributed with mod_ssl. > > > > > > Mabe I should download and unpack the latest mod_ssl and look for it > > > > > > again... > > > > > > > > > > - > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >- > > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where are sign.sh and openssl.conf ?
Hi. Unbelievable, I searched all the servers for openssl.conf and found nothing. Some of these are stock standard default installatio sraight from the distro CDs from RH. I am going to install OpenSSL from sratch this weekend and ditch RH's distro copy. find /usr openssl.conf -type f find /usr -name openssl.conf etc... Nope. I mean, when you configure these things, the sey parametric values have to go somewhere, right ? That does it, download, compile, install OpenSSL this weekend. Ouch! Simon Pabst wrote: > > I don't know about Redhat's openssl installation, > but propably it spreads over several directories. > > However there should be an openssl.conf somewhere, > maybe its in /etc/openssl.conf or /usr/local/openssl/openssl.conf > > If you can't find it, this might help: > find /etc -name openssl.conf > or > find /usr -name openssl.conf > > Installing openssl from source would also help getting a > clean (and more secure) openssl installation with everything in one directory. > > And don't mix up Apache2 ssl.conf with openssl.conf, they've got nothing to > do with each other. > In Apache 1 all the SSL stuff was in httpd.conf, in Apache 2 they just put > that into conf/ssl.conf. > > At 19:22 25.07.2003 +1000, you wrote: > >Hi. > >Thanks, I got EngelSchall's sign.sh. I am going through exactly those > >doco as we "speak", I think the problem with the documentation is that > >they refer to dfferent versions than mine. > >On my default RH7.1 Linux installation, I do not have /usr/local/ssl or > >/etc/ssl/openssl.conf, yet it comes well equipped with > >/etc/httpd/conf/ssl.crt ad /etc/httpd/conf/ssl.key. > >On the other hand, the Apache2 httpd.conf uses an Include conf/ssl.conf > >which doesn't look like the instructions on the documentation. I am so > >confused, I need a beer. > >S, I won't be finishing the task this week. > > > > > >Simon Pabst wrote: > > > > > > A good HOWTO about Certificate Management and creating your own CA > > > is on http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/c118.html > > > > > > Another one is here: http://www.corserv.com/freebsd/apache-ssl-howto.html > > > (not so detailed, but not that good either) > > > > > > At 15:28 25.07.2003 +1000, you wrote: > > > >Hi! > > > >I am going throug a couple of books (O'Reilly OpenSSL" and SAM "Maxum > > > >Apache Security") and HOWTOs, I haven't come across instructions to set > > > >up a CA yet. Can you please oint me in the right direction ? > > > >TIA :( > > > > > > > >Bill Barker wrote: > > > > > > > > > > It seems that it is only distributed with the Apache-1.3.x version of > > > > > mod_ssl. > > > > > > > > > > In my experience, it is usually worth the trouble in the long run > > to do a > > > > > full setup for a CA (i.e. what 'openssl ca ...' expects) if you need to > > > > > issue your own certs. > > > > > > > > > > <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > > > > Hi. > > > > > > The HOWTO instructions on > > > > > > http://httpd.apache.org/docs-2.0/ssl/ssl_fag.html said I need a > > > > > > "sign.sh" script for signing server.csr. It is supposed to be > > > > > > distributed with mod_ssl. > > > > > > Mabe I should download and unpack the latest mod_ssl and look for it > > > > > > again... > > > > > > > > > > - > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >- > > > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]