I've got OpenSA (Apache w/openssl+modssl) running on a Windows platform
and am trying to create my own CA. I'm able to create a private key and
make a cert for that CA but can't use my CA to sign the CSR.
I see from the modssl docs the step by step but then the last step gets
to run
Ok I have made a server certificate and a client certificate. I have
configured apache and ssl.conf with everything necesary BUT when I try
to conect to myserver:443 it tells me "connection has been refused".
Any idea ?
Maurizio Marini wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 03 December 2002 03:22 pm, Sasa STUPAR wrote:
>OK, so creating a certifikate is done. How do I sign it ? I am using
>windows but I have read in the documents to use sign.sh in mod-perl. Ok
>but I am not having Linux anywhere near me. So w
-out ca.csr
>> 2. openssl x509 -extfile openssl.conf -days 365 -signkey ca.key \
>> -in ca.csr -req -out ca.crt
>>
>>
>> -Original Message-
>> From: Sasa STUPAR [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, November 28, 2002 11:50 A
cnf -new -key ca.key -out ca.csr
> 2. openssl x509 -extfile openssl.conf -days 365 -signkey ca.key \
> -in ca.csr -req -out ca.crt
>
>
> -Original Message-
> From: Sasa STUPAR [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 28, 2002 11:50 AM
Original Message-
From: Sasa STUPAR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 28, 2002 11:50 AM
To: [EMAIL PROTECTED]
Subject: Re: Problems with creating own CA
One thing, if I try to use directly with the command "openssl req -new
-x509 -days 365 -key ca.key -out ca.crt" I g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 05:53 pm, Sasa STUPAR wrote:
>I have here made a printscr and save it in a word doc. Please look at
>it, maybe it will give same clue.
in fact!
it seems that you lack openssl.conf pathname in your env vars
check your env
One thing, if I try to use directly with the command "openssl req -new
-x509 -days 365 -key ca.key -out ca.crt" I get back error like before
with also that it canot load config info.
Any idea ?
Maurizio Marini a écrit:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 28 November
Well, I have added what you've told me but still the same problem.
Maurizio Marini a écrit:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
> >They are already uncommented. Here is attached my config file.
> I've:
> commonName
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
>They are already uncommented. Here is attached my config file.
I've:
commonName = Common Name (eg, your name or your server\'s
hostname)
commonName_max =
They are already uncommented. Here is attached my config file.
Maurizio Marini a écrit:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 28 November 2002 03:45 pm, Sasa STUPAR wrote:
> "unable to find a 'distinguished_name' in config".
>
> in your openssl.cnf you should uncomme
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 03:45 pm, Sasa STUPAR wrote:
"unable to find a 'distinguished_name' in config".
in your openssl.cnf you should uncomment lines regarding distinguished_name;
otherwise re-post with it attached
- --
Maurizio Marini
-B
Hi !
I am trying to create my own CA. The creation of a key file is fine.
When I try to create a CSR file I get back an error "unable to find a
'distinguished_name' in config".
I am runing on winXP with openssl 0.9.6g. I wanted to make a server
certificate for my Apache.
Pl
he browser.
Cheers
Jose
-Original Message-
From: Brian Lavender [mailto:brian@;brie.com]
Sent: 18 October 2002 03:30
To: [EMAIL PROTECTED]
Subject: Configuring my own CA
I am trying to configure my web server so when user brian attempts
to connect to https://myhost/brian/ it authenticat
questions.
Do I need to create my own Certificate Authority? If I create my
own CA, how do I get Netscape to use it as a CA? I am using Netscape
4.7 on Solaris. If I create my own CA, does my Apache/modssl server perform
that function?
Do I need to create a certificate for Brian? Does it have to be
Hi Ed,
works fine!
Many thanks
Markus
PS: Only one typo, I corrected below for others convenience.
Datum: 12.03.2002 19:20
An:[EMAIL PROTECTED]
Antwort an:[EMAIL PROTECTED]
Betreff: Re: Antwort: RE: Sign a server CSR with my own CA
Nachrichtentext
emailAddress = optional
That should do it. There are undoubtedly typo's in there somewhere.
Good luck,
Ed
>From: "Markus Dallmann" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Antwort: RE: Sign a server C
Done, but nothing found.
Datum: 12.03.2002 16:14
An:<[EMAIL PROTECTED]>
Antwort an:[EMAIL PROTECTED]
Betreff: RE: Sign a server CSR with my own CA
Nachrichtentext:
Search for CA.pl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PRO
Search for CA.pl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Markus Dallmann
Sent: Tuesday, March 12, 2002 8:14 AM
To: [EMAIL PROTECTED]
Subject: Sign a server CSR with my own CA
Hi,
I'm using a win32 binary version of Perl 5.6.1, mod_perl
ssing openssl.cnf from www.modssl.org) and build my own CA.
But now I have problems to sign the CRT with my own CA, because there is no sign.sh
script for WinNT. I tried it with 'openssl ca' and go through several error messages
(last was missing index.txt).
Does anybody succeeded in this?
ady Genkin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 16, 2001 10:01 PM
Subject: Re: R: Cert signed by own CA and IE
> "Andrea Cerrito" <[EMAIL PROTECTED]> writes:
>
> > > > > Connecting to a secure site with a certificate s
M
Subject: Re: R: Cert signed by own CA and IE
> "Andrea Cerrito" <[EMAIL PROTECTED]> writes:
>
> > > > > Connecting to a secure site with a certificate signed by own CA,
IE
> > > > > seems to provide no obvious way of permanently adding the c
"Andrea Cerrito" <[EMAIL PROTECTED]> writes:
> > > > Connecting to a secure site with a certificate signed by own CA, IE
> > > > seems to provide no obvious way of permanently adding the cert to the
> > > > browser's configuration. As a
ale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]Per conto di Paul-Catalin Oros
> Inviato: venerdi 18 maggio 2001 17.59
> A: [EMAIL PROTECTED]
> Oggetto: Re: R: Cert signed by own CA and IE
>
>
> Hi Arcady!
>
> Have you solved your problem? I wasw able to in
Paul-Catalin Oros <[EMAIL PROTECTED]> writes:
> Have you solved your problem? I wasw able to install your
> Certificate, after I installed your self-signed CA certificate. Is
> it possible this to be the missing step in your testing? The CA cert
> has to be added to your root auth., then you'll b
erver certificate.
Hope this help,
Paul
PS: I am using IE 5.0
On Wed, 16 May 2001, Arcady Genkin wrote:
> "Andrea Cerrito" <[EMAIL PROTECTED]> writes:
>
> > > > > Connecting to a secure site with a certificate signed by own CA, IE
> > > > > seems
Arcady Genkin wrote:
>
> The documentation states that being one's own CA is insecure in the
> Internet environment, while is acceptable on the intra-net. Could
> anyone explain the issues implied by that statement?
SSL is not less secure if you are your own CA, at least
"Andrea Cerrito" <[EMAIL PROTECTED]> writes:
> > > > Connecting to a secure site with a certificate signed by own CA, IE
> > > > seems to provide no obvious way of permanently adding the cert to the
> > > > browser's configuration. As a
L PROTECTED]
> [mailto:[EMAIL PROTECTED]]Per conto di Arcady Genkin
> Inviato: mercoledi 16 maggio 2001 19.11
> A: [EMAIL PROTECTED]
> Cc: Andrea Cerrito
> Oggetto: Re: Cert signed by own CA and IE
>
>
> "Andrea Cerrito" <[EMAIL PROTECTED]> writes:
>
> >
"Andrea Cerrito" <[EMAIL PROTECTED]> writes:
> > Connecting to a secure site with a certificate signed by own CA, IE
> > seems to provide no obvious way of permanently adding the cert to the
> > browser's configuration. As a result, a warning that "
; [mailto:[EMAIL PROTECTED]]Per conto di Arcady Genkin
> Inviato: mercoledi 16 maggio 2001 10.31
> A: [EMAIL PROTECTED]
> Oggetto: Cert signed by own CA and IE
>
>
> Connecting to a secure site with a certificate signed by own CA, IE
> seems to provide no obvious way of perm
Connecting to a secure site with a certificate signed by own CA, IE
seems to provide no obvious way of permanently adding the cert to the
browser's configuration. As a result, a warning that "The security
certificate is issued by a company you have not chosen to trust..." is
displ
The documentation states that being one's own CA is insecure in the
Internet environment, while is acceptable on the intra-net. Could
anyone explain the issues implied by that statement?
Also, to what extent is the user inconvenienced by an SSL site using
certificate signed by a non-well-
Hello,
I am trying to create and use my own CA per : http://www.modssl.org/dosc/2.6/ssl_faq.html (How can I create and use my own Certificate Authority)?
I get the following error when I :
./sign.sh server.csr and opt to commit
1 out of 1 certificate requests certified, commit? [y/n]y
Write out
hi all
thanks for your suggestion on creating ca(following
use manual in mod_ssl>faq>
"how can i create and use my own ca?"
however i still can't get step 3/4 to work-i.e.
creating server cert.
i can't find the sign.sh nor CA.pl in my system!!
i'm using suse6.4 k
Friday, August 18, 2000, 12:56:45, "tk dev" <[EMAIL PROTECTED]> wrote:
> how can i create and use my own certificate authority(ca)?
See http://www.trustix.com/~jou/ssl/certificates.html. It describes a
series of step-by-step .sh scripts for making certificates.
--GZ
___
The sign.sh tool is in the pkg.contrib in out mod_ssl directory.
There is also another prog 'CA.pl' which could be used to generate a CA
sign certificates etc. It is locateed in the openssl/apps directory
CU Marcus
tk dev wrote:
> hi all,
>
> ust read the mod_ssl manual -faq section.
> i'm refe
hi all,
ust read the mod_ssl manual -faq section.
i'm referring to the ques:
how can i create and use my own certificate
authority(ca)?
- i can follow until step 2, which is creating a
self-signed ca.
unfortunately when it comes to step 3...which stated
that i need the 'sign.sh', i can't find t
On Fri, Jul 14, 2000 at 05:42:12PM +0200, Eric Draven wrote:
> Hi all,
>
> I have an Apache Server runnning in a Red Hat 6.2, and i want to now if i
> can create a C.A for private use, it doesn´t matter the certificates don't
> be reconized for another CAs. How can i do it?
>
Check the FAQ: ht
Hi all,
I have an Apache Server runnning in a Red Hat 6.2, and i want to now if i
can create a C.A for private use, it doesn´t matter the certificates don't
be reconized for another CAs. How can i do it?
Thanks,
Fidel
Ge
On Tue, Jun 06, 2000 at 10:20:48PM +0200, Robin Aly wrote:
> Hello,
>
> my problem is in understanding the technique used to build up a own CA, as discribed
>in your faq (ssl_faq.html#ToC29). i somehow get along with the signing stuff, but
>can't imagine how the CA would
Have you looked at OpenCA?
http://www.openca.org/
Hans
Robin Aly wrote:
>
> Hello,
>
> my problem is in understanding the technique used to build up a own CA, as
> discribed in your faq (ssl_faq.html#ToC29). i somehow get along with the
> signing stuff, but can't i
Hello,
my problem is in understanding the technique used
to build up a own CA, as discribed in your faq (ssl_faq.html#ToC29). i somehow
get along with the signing stuff, but can't imagine how the CA would run. I mean
I don't start any service. where does the client get his ok,
> --
> From: Gustavo Amarilla[SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: 21 March 2000 19:54
> To: modssl-users
> Cc: openssl-users
> Subject: Create my own CA
>
> I download the Apache/1.3.12 mod_ssl/2.6.2 and
During the process of creating your own CA, you came up with a 'ca.crt'
file (the FIRST .crt file that you came up with). You need to download
this into your client, as a specific MIME type.
(application/x-x509-certificate)
For MSIE, it requires it to be sent in .der format
I download the Apache/1.3.12 mod_ssl/2.6.2 and openssl-0.9.5.and I created
my own CA, and I will do my own CA certified entity, because we can not pay
to a entity like Virisign or something, but when I used MS Explorer 5.0 or
Netscape 4.0
those program say to me:"I don't recognize th
Perhaps this site could help : http://slwww.epfl.ch/SIC/SL/CA/
Marek Schneider - AIS wrote:
> hello,
>
> could anybody help refer to the subject ?
>
> Thanks in advance !
>
> best regards,
> Marek
>
> P.S. mod_ssl is a great job ... @ rse
>
> _
Mark,
What kind of info do you need? I have a complete system (opensource)
that I developed for a unix/linux system that establishes a private CA
except for the certificate control in a database or ldap system.
If you would like more info, please let me know!
Thanks,
Murrah Boswell
[EMAIL PROT
Marek Schneider - AIS wrote:
>
> hello,
>
> could anybody help refer to the subject ?
>
The following links may be of help
PyCA - http://sites.inka.de/ms/python/pyca/
OpenCA - http://www.openca.org/
--
Hannu
_
hello,
could anybody help refer to the subject ?
Thanks in advance !
best regards,
Marek
P.S. mod_ssl is a great job ... @ rse
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing Li
Full_Name: Claude Gross
Version: 2.4.9
OS: Linux 2.2.12-20smp i386 (redhat 6.1)
Submission from: noyer.grenoble.urec.cnrs.fr (195.220.197.22)
Server: Apache/1.3.9 (Unix) mod_ssl/2.4.9 OpenSSL/0.9.4
I want to use certificate delivered by my own CA.
I have done the following :
- openssl
Again on the same subject. Sorry for the trafic but this time I was able
to build the DER format with information from the FAQ. Only it didn't
work. I added the appropriate type in mime.types, copied my ca.cacert to
every directory of the secure server's page tree (including the
directory under cg
About DER... forget it. I just found it in mod_ssl's FAQ. Duh!
--
___THE___ "Commercial OS vendors are, at the moment, all closed
\ \ / / economies, and doomed to fall in their competition with
\ V / open economies just as communism eventually fell."
\ /
I'm coming back to this thread because we finnaly put our secure server
into production (self-signed). I'd like to use the suggestions below to
get rid of the annoying "Unknown certificate" browser messages. (And
hopefully it will work at all with IE 3).
But the syntax to openssl has changed from
Axel Findling wrote:
> > By the way, is there such hack to Netscape too?
>
> 1. You can Import the CAs Publick Key to Netscape (Steffen wrote abaout
> this) and than copy the cert7.db file to another Netscape (4.x)-Profile.
>
> 2. You can use the Client Configuration Kit from Netscape to add a CA
Hi,
> By the way, is there such hack to Netscape too?
1. You can Import the CAs Publick Key to Netscape (Steffen wrote abaout
this) and than copy the cert7.db file to another Netscape (4.x)-Profile.
2. You can use the Client Configuration Kit from Netscape to add a CA-Key
to the 'netscape.cfg'
Steffen Dettmer wrote:
> > certificate expires, IE 3 disallows access altogether. Anyway I can hack
> > the Registry or something like that so IE3/4/5 users can go to my site?
> > Like, adding my phony CA to IE's list of CAs?
> >
> > By the way, is there such hack to Netscape too?
>
> take a .hta
OTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, March 24, 1999 4:10 PM
Subject: Now I can be my own CA but there's more...
>Carlo Marcelo Arenas Belon wrote:
>>
>> Juan Carlos Castro y Castro wrote:
>> >
>> > Hi! I just bought a Brazilian RH Linux dis
> certificate expires, IE 3 disallows access altogether. Anyway I can hack
> the Registry or something like that so IE3/4/5 users can go to my site?
> Like, adding my phony CA to IE's list of CAs?
>
> By the way, is there such hack to Netscape too?
take a .htaccess and include the following line
Carlo Marcelo Arenas Belon wrote:
>
> Juan Carlos Castro y Castro wrote:
> >
> > Hi! I just bought a Brazilian RH Linux distribution with Apache 1.3.3
> > and mod_ssl 2.0.something. When I follow the instructions to create my
> > own CA and sign the server certific
Juan Carlos Castro y Castro wrote:
>
> Hi! I just bought a Brazilian RH Linux distribution with Apache 1.3.3
> and mod_ssl 2.0.something. When I follow the instructions to create my
> own CA and sign the server certificate I just created, I get this in the
> verification phase:
&g
Hi! I just bought a Brazilian RH Linux distribution with Apache 1.3.3
and mod_ssl 2.0.something. When I follow the instructions to create my
own CA and sign the server certificate I just created, I get this in the
verification phase:
CA verifying: server.crt <-> CA cert
server.crt:
/C=BR/
62 matches
Mail list logo
