Sander, SALUTE !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
After performing your suggested steps 1), 2) and 3), I am able to connect to a HTTPS-based WebDAV server, as expected. (In other words, yes, it was in fact, "ssl.conf" interference at its worst). Thanks, Thanks, Thanks ...... (repeated infinite times :-) ) Thanks and Regards, Ajay On Sun, Mar 25, 2012 at 10:02 PM, Sander Temme <scte...@apache.org> wrote: > Ajay, > > Let's table the issue of certificates, and move on to getting your server > started. You have a good key, and a good certificate. The fact that you > can run openssl s_server with it proves that. > > What concerns me is that you have mod_ssl configuration language in your > main configuration file. When you use the Red Hat supplied httpd > configuration, it Includes everything in /etc/httpd/conf.d. > > Among the files in this directory is ssl.conf, which contains > configuration language for a VirtualHost on port 443. With its own > SSLCertificateFile, and its own SSLCertificateKeyFile. What if those > configuration options are interfering with yours, and you end up using a > mixture of the two? I'm actually not sure what would happen. > > Please try the following: > > 1) Comment out your VirtualHost definition at the bottom of httpd.conf > 2) Find the SSLCertificateFile and SSLCertificateKeyFile parameters in > conf.d/ssl.conf, and substitute your key and certificate file paths. > 3) Stop and start your server. Does it start up now? Can you connect to > it with a browser? > > S. > > > On Mar 24, 2012, at 10:52 PM, Ajay Garg wrote: > > > Thanks a ton, Daniel. > > > > I think, you are the first one to hit the nail on the head :-) > > Thanks again; I am obliged. > > > > Daniel, it seems that for generating certificates "class 2" > identification is required (http://www.startssl.com/?app=34) > > > > Anyhow, since currently I am just in the development/testing phase, so > what I just need is the feature working. > > > > Sorry if I may sound a bit too demanding, but I will be really grateful > if you could let me now the appropriate commands to generate appropriate > "SSLCertificateKeyFile" and "SSLCertificateFile", which will get the > "connection to HTTPS WebDAV" server working (just about working locally). > For production-based deployment, certificates can be generated on an > official basis by my organisation. > > > > > > Thanks and Regards, > > Ajay > > > > On Sat, Mar 24, 2012 at 6:50 PM, Daniel Ruggeri <drugg...@primary.net> > wrote: > > On 3/23/2012 11:47 PM, Ajay Garg wrote: > > > I used the following command to generate the ".key" and ".crt" :: > > > > > > > ################################################################################################################ > > > openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout > > > ssl.key -out ssl.crt > > > > ################################################################################################################ > > > > > > > > > I will be grateful, if you could let me know the required command(s) > > > to generate the "RSA Server Certificate", and the ".key" :-) > > > > You already have both (ssl.key is your private key and ssl.crt is your > > certificate file). The key becomes SSLCertificateKeyFile and the cert > > becomes SSLCertificateFile in your httpd.conf. Since you generated both > > at the same time, they are sure to match. > > > > It's important to note that you now have what is called a self-signed > > cert (its identity is only vouched for by itself) and practically every > > client on the Internet will warn or refuse to connect to your server. > > It's up to you to decide if that is a problem or not - if this is > > something you will only use privately, it's probably OK. > > > > To get past this, you need to generate a certificate signing request and > > send it to a reputable CA for signing. I believe > > http://www.startssl.com/ offers this service for free, but there a few > > other free ones out there. > > > > openssl req -out ssl.csr -key ssl.key -new > > > > (This generates ssl.csr which you can safely email to be signed) > > > > -- > > Daniel Ruggeri > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > -- > scte...@apache.org http://www.temme.net/sander/ > PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A > > View my availability: http://tungle.me/sctemme > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
