You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by cn...@nycap.rr.com on 2004/06/09 21:47:54 UTC
[users@httpd] Generating keys for mod_ssl
(I'm not sure this is quite the right forum to ask but I hope you'll bear with me though what might be an only tangentially-related question.)
I'm trying to get set up to use mod_ssl with Apache httpd 1.29. For various reasons, I can't get openssl to install and run on my Linux system. I was able to get Sun's keytool installed but it seems to generate keys in a different format (I'm not sure how to get keytool to create a server.key to put in my ssl.key directory).
I've found some web resources which talk me thought using openssl to configure mod_ssl files and pages that talk about jsse vs. mod_ssl or keytool vs. openssl but nothing that really helps me do what I need to do: generate a self-signed certificate (and corresponding private key) for my web server. Now I'm trying to understand enough to ask better questions or figure out what's going wrong.
- Can I use keytool to create the files for mod_ssl? How do I get data out of a keytool keystore and into a mod_ssl ssl.key file?
- I inherited this system from someone else and don't understand why he did somethings. Like, why would I ever want a server.csr file on my production system. Isn't certificate signing something that'd be done offline?
- What do I really need to run mod_ssl? Just ssl.key/server.key and ssl.crt/server/crt? What else? Why?
Thanks for any pointers.
Chris
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Generating keys for mod_ssl
Posted by Vasiliy Boulytchev <va...@boulytcheva.com>.
Check out our site, its simple as heck, and we broke down it in two, IIS and
apache+mod_ssl.
http://coinfotech.com
Vasiliy Boulytchev
Colorado Information Technologies, Inc.
http://www.coinfotech.com
-----Original Message-----
From: Mikey [mailto:empurium@empy.org]
Sent: Wednesday, June 09, 2004 6:04 PM
To: users@httpd.apache.org; cnelson@nycap.rr.com
Subject: Re: [users@httpd] Generating keys for mod_ssl
I recommend going to www.thawte.com and looking at their documentation for
generating a key for Apache+mod_ssl. They have really thorough, easy-to-read
documentation on generating keys.
-mikey
On Wed, 09 Jun 2004 15:47:54 -0400, cnelson@nycap.rr.com wrote:
> (I'm not sure this is quite the right forum to ask but I hope you'll
> bear with me though what might be an only tangentially-related
> question.)
>
> I'm trying to get set up to use mod_ssl with Apache httpd 1.29. For
> various reasons, I can't get openssl to install and run on my Linux
> system. I was able to get Sun's keytool installed but it seems to
> generate keys in a different format (I'm not sure how to get keytool
> to create a server.key to put in my ssl.key directory).
>
> I've found some web resources which talk me thought using openssl to
> configure mod_ssl files and pages that talk about jsse vs. mod_ssl or
> keytool vs. openssl but nothing that really helps me do what I need to
> do: generate a self-signed certificate (and corresponding private
> key) for my web server. Now I'm trying to understand enough to ask
> better questions or figure out what's going wrong.
>
> - Can I use keytool to create the files for mod_ssl? How do I get
> data out of a keytool keystore and into a mod_ssl ssl.key file?
>
> - I inherited this system from someone else and don't understand why
> he did somethings. Like, why would I ever want a server.csr file on
> my production system. Isn't certificate signing something that'd be
> done offline?
>
> - What do I really need to run mod_ssl? Just ssl.key/server.key and
> ssl.crt/server/crt? What else? Why?
>
> Thanks for any pointers.
>
> Chris
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Generating keys for mod_ssl
Posted by Mikey <em...@empy.org>.
I recommend going to www.thawte.com and looking at their documentation
for generating a key for Apache+mod_ssl. They have really thorough,
easy-to-read documentation on generating keys.
-mikey
On Wed, 09 Jun 2004 15:47:54 -0400, cnelson@nycap.rr.com wrote:
> (I'm not sure this is quite the right forum to ask but I hope you'll
> bear with me though what might be an only tangentially-related
> question.)
>
> I'm trying to get set up to use mod_ssl with Apache httpd 1.29. For
> various reasons, I can't get openssl to install and run on my Linux
> system. I was able to get Sun's keytool installed but it seems to
> generate keys in a different format (I'm not sure how to get keytool
> to create a server.key to put in my ssl.key directory).
>
> I've found some web resources which talk me thought using openssl to
> configure mod_ssl files and pages that talk about jsse vs. mod_ssl or
> keytool vs. openssl but nothing that really helps me do what I need
> to do: generate a self-signed certificate (and corresponding private
> key) for my web server. Now I'm trying to understand enough to ask
> better questions or figure out what's going wrong.
>
> - Can I use keytool to create the files for mod_ssl? How do I get
> data out of a keytool keystore and into a mod_ssl ssl.key file?
>
> - I inherited this system from someone else and don't understand why
> he did somethings. Like, why would I ever want a server.csr file on
> my production system. Isn't certificate signing something that'd be
> done offline?
>
> - What do I really need to run mod_ssl? Just ssl.key/server.key and
> ssl.crt/server/crt? What else? Why?
>
> Thanks for any pointers.
>
> Chris
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org