Ajay, Let's table the issue of certificates, and move on to getting your server started. You have a good key, and a good certificate. The fact that you can run openssl s_server with it proves that.
What concerns me is that you have mod_ssl configuration language in your main configuration file. When you use the Red Hat supplied httpd configuration, it Includes everything in /etc/httpd/conf.d. Among the files in this directory is ssl.conf, which contains configuration language for a VirtualHost on port 443. With its own SSLCertificateFile, and its own SSLCertificateKeyFile. What if those configuration options are interfering with yours, and you end up using a mixture of the two? I'm actually not sure what would happen. Please try the following: 1) Comment out your VirtualHost definition at the bottom of httpd.conf 2) Find the SSLCertificateFile and SSLCertificateKeyFile parameters in conf.d/ssl.conf, and substitute your key and certificate file paths. 3) Stop and start your server. Does it start up now? Can you connect to it with a browser? S. On Mar 24, 2012, at 10:52 PM, Ajay Garg wrote: > Thanks a ton, Daniel. > > I think, you are the first one to hit the nail on the head :-) > Thanks again; I am obliged. > > Daniel, it seems that for generating certificates "class 2" identification is > required (http://www.startssl.com/?app=34) > > Anyhow, since currently I am just in the development/testing phase, so what I > just need is the feature working. > > Sorry if I may sound a bit too demanding, but I will be really grateful if > you could let me now the appropriate commands to generate appropriate > "SSLCertificateKeyFile" and "SSLCertificateFile", which will get the > "connection to HTTPS WebDAV" server working (just about working locally). For > production-based deployment, certificates can be generated on an official > basis by my organisation. > > > Thanks and Regards, > Ajay > > On Sat, Mar 24, 2012 at 6:50 PM, Daniel Ruggeri <drugg...@primary.net> wrote: > On 3/23/2012 11:47 PM, Ajay Garg wrote: > > I used the following command to generate the ".key" and ".crt" :: > > > > ################################################################################################################ > > openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout > > ssl.key -out ssl.crt > > ################################################################################################################ > > > > > > I will be grateful, if you could let me know the required command(s) > > to generate the "RSA Server Certificate", and the ".key" :-) > > You already have both (ssl.key is your private key and ssl.crt is your > certificate file). The key becomes SSLCertificateKeyFile and the cert > becomes SSLCertificateFile in your httpd.conf. Since you generated both > at the same time, they are sure to match. > > It's important to note that you now have what is called a self-signed > cert (its identity is only vouched for by itself) and practically every > client on the Internet will warn or refuse to connect to your server. > It's up to you to decide if that is a problem or not - if this is > something you will only use privately, it's probably OK. > > To get past this, you need to generate a certificate signing request and > send it to a reputable CA for signing. I believe > http://www.startssl.com/ offers this service for free, but there a few > other free ones out there. > > openssl req -out ssl.csr -key ssl.key -new > > (This generates ssl.csr which you can safely email to be signed) > > -- > Daniel Ruggeri > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- scte...@apache.org http://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
