Well, "a while" turned out to be one day. Stuck again.
I found a web page that had some info on it. It shows a command (openssl
req) to create a privately signed SSL key. Unfortunately, it doesn't
explain that command, but 'man req 1' has more information such as what
'-x509' does for me (this has got to be one of the greatest parameter
keywords of all time). However, the example includes this on the openssl
command line:
-subj /O=VirtualH/OU=Virtual/CN=127.0.0.1
The man req 1 page says this consists of a subject line with sub-options
/O as "VirtualH", /OU as "Virtual", and "CN" as "127.0.0.1", and no
blanks. But I can find nothing, NOTHING, that explains what the
suboptions of the -subj parameter are. What is O? What is OU? What is
CN? Is 'VirtualH' a name for the virtual host? Where is that documented,
does anyone know?
I'd like to get the company name into that certificate somewhere, but
don't yet see how.
Thank you.
> Thank you very much Yehuda. I think I am launched and can follow
> on for a while by myself.
>
>
>>
>>
>> On Thu, Apr 3, 2014 at 6:10 AM, Andy Canfield wrote:
>>
>>
>> Files:
>>
>> -rw-r--r-- 1 root 859 Apr 3 11:45 /etc/apache2/ssl/crt/vhost1.crt
>>
>> -rw-r--r-- 1 root 916 Apr 3 11:45 /etc/apache2/ssl/key/vhost1.key
>>
>> So AFAIK I've got a certificate I've generated myself. Nobody
>> vouches for me but it should enable encryption and make my
>> TCP/IP packets hard to read.
>>
>> Contents of /etc/apache2/ports.conf:
>> NameVirtualHost *:80
>> Listen 80
>>
>> <IfModule mod_ssl.c>
>> Listen 443
>> </IfModule>
>> <IfModule mod_gnutls.c>
>> Listen 443
>> </IfModule>
>>
>> Files:
>>
>> -rw-r--r-- 1 andy 1439 Apr 3 14:48
>> /etc/apache2/sites-available/default
>> -rw-r--r-- 1 andy 7485 Jun 16 2011
>> /etc/apache2/sites-available/default-ssl
>> -rw-r--r-- 1 root 7469 Feb 7 2012
>> /etc/apache2/sites-available/default-ssl.original
>> -rw-r--r-- 1 root 950 Feb 7 2012
>> /etc/apache2/sites-available/default.original
>>
>> I see here that /etc/apache2/sites-available has one symbolic
>> link to /etc/apache2/sites-available/default, and no symbolic
>> links to any of the other entries in the sites-available
>> directory. Also all the other entries in
>> /etc/apache2/sites-available are symbolic links to
>> configuration files such as
>>
>> lrwxrwxrwx 1 root 21 May 6 2012
>> /etc/apache2/sites-enabled/opal.conf -> /www/opal/apache.conf
>>
>> These links have been working fine for years as links into
>> the site control directory and not into 'sites-available'.
>> But perhaps that is wrong.
>>
>> Maybe what I need is a symbolic link from sites-enabled to
>> ../sites-available/default-ssl ? Nope, tested, did not solve
>> the problem....
>>
>> When I give this command (as root) -
>>
>> /etc/init.d/apache2 restart
>>
>> I see only this output:
>>
>> apache2: Could not reliably determine the server's fully
>> qualified domain name, using 192.168.1.112 for ServerName
>> ... waiting apache2: Could not reliably determine the
>> server's fully qualified domain name, using 192.168.1.112 for
>> ServerName
>>
>>
>> [ OK ]
>>
>> But nmap still says that nothing is listening to port 443.
>>
>> Thank you Oren.
>>
>>
>> On 04/03/2014 04:04 PM, Oren wrote:
>>> Hi Andy.
>>> The process basically includes getting/creating a certificate,
>>> defining it on your site and reloading apache.
>>> here is a centos manual which is not exactly the same on
>>> ubuntu but pretty much explains the order of things
>>> http://wiki.centos.org/HowTos/Https
>>>
>>> on ubuntu you will have to open the 443 port
>>> <IfModule mod_ssl.c>
>>> Listen 443
>>> </IfModule>
>>>
>>> once the https is ready, you can do a redirect to the https
>>> site from http. (with mod_rewrite)
>>>
>>> do you have logs or any information on what is not working?
>>>
>>> Oren
>>>
>>> On 04/03/2014 11:39 AM, Andy Canfield wrote:
>>>> I have been using apache for maybe ten years now, and
>>>> maintain two
>>>> servers in addition to the apache on my notebook computer
>>>> for testing.
>>>> All using Ubuntu Linux *.04 LTS. It now appears that I
>>>> ought to convert
>>>> from http to https.
>>>>
>>>> But the documentation is insane. A piece here, a piece
>>>> there, have to do
>>>> X (but first? and afterwards?). Assuming everything else
>>>> is OK, this
>>>> is the way you edit this line in VirtualHost file (there is no
>>>> "/etc/apache2/.../VirtualHost" file!)
>>>>
>>>> I figure that I need to do it in two steps:
>>>> [1] Get the https version up and running, and
>>>> [2] Make the http version automatically switch to https.
>>>>
>>>> But I can't get https working at all, for anything. There's
>>>> a "Listen
>>>> 443" in /etc/apache2/ports.conf but 'nmap localhost' says
>>>> 443 is a
>>>> closed port.
>>>>
>>>> Has anybody else ever converted a hosted site from http to
>>>> https? What
>>>> did you have to do to get the secure one working?
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
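
On the -subj question at the top of this message, an added example (not part of the original thread): the sub-options are X.509 distinguished-name attributes, and the company name goes in O. The company name, unit name and temporary output directory below are constructed sample values; values containing "/" are assumed not to occur.

```shell
#!/bin/sh
# Added example, not from the original thread.
# -subj takes an X.509 distinguished name, one /KEY=value pair per attribute:
#   O  = organizationName        (the company name)
#   OU = organizationalUnitName  (department or team)
#   CN = commonName              (host name or IP that clients connect to)

make_selfsigned() {
    # $1 = company (O), $2 = unit (OU), $3 = host (CN), $4 = output directory
    org=$1; unit=$2; host=$3; dir=$4
    mkdir -p "$dir" || return 1
    umask_old=$(umask)
    umask 077    # keep the private key readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=$org/OU=$unit/CN=$host" \
        -keyout "$dir/vhost1.key" -out "$dir/vhost1.crt" 2>/dev/null
    rc=$?
    umask "$umask_old"
    return $rc
}

show_subject() {
    # Print the subject of certificate file $1 in a stable one-line form
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Demonstration with constructed values, written to a throwaway directory
demo_dir=$(mktemp -d)
if make_selfsigned "Example Company Ltd" "Web" "127.0.0.1" "$demo_dir"; then
    show_subject "$demo_dir/vhost1.crt"
fi
rm -rf "$demo_dir"
```
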