You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by cn...@nycap.rr.com on 2004/06/09 21:47:54 UTC

[users@httpd] Generating keys for mod_ssl

(I'm not sure this is quite the right forum to ask but I hope you'll bear with me though what might be an only tangentially-related question.)

I'm trying to get set up to use mod_ssl with Apache httpd 1.29.  For various reasons, I can't get openssl to install and run on my Linux system.  I was able to get Sun's keytool installed but it seems to generate keys in a different format (I'm not sure how to get keytool to create a server.key to put in my ssl.key directory).  

I've found some web resources which talk me thought using openssl to configure mod_ssl files and pages that talk about jsse vs. mod_ssl or keytool vs. openssl but nothing that really helps me do what I need to do: generate a self-signed certificate (and corresponding private key) for my web server.  Now I'm trying to understand enough to ask better questions or figure out what's going wrong.

- Can I use keytool to create the files for mod_ssl?  How do I get data out of a keytool keystore and into a mod_ssl ssl.key file?

- I inherited this system from someone else and don't understand why he did somethings.  Like, why would I ever want a server.csr file on my production system.  Isn't certificate signing something that'd be done offline?

- What do I really need to run mod_ssl?  Just ssl.key/server.key and ssl.crt/server/crt?  What else?  Why?

Thanks for any pointers.

                            Chris


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Generating keys for mod_ssl

Posted by Vasiliy Boulytchev <va...@boulytcheva.com>.
Check out our site, its simple as heck, and we broke down it in two, IIS and
apache+mod_ssl.

http://coinfotech.com 


Vasiliy Boulytchev
Colorado Information Technologies, Inc.
http://www.coinfotech.com

-----Original Message-----
From: Mikey [mailto:empurium@empy.org] 
Sent: Wednesday, June 09, 2004 6:04 PM
To: users@httpd.apache.org; cnelson@nycap.rr.com
Subject: Re: [users@httpd] Generating keys for mod_ssl


I recommend going to www.thawte.com and looking at their documentation for
generating a key for Apache+mod_ssl. They have really thorough, easy-to-read
documentation on generating keys.












-mikey

On Wed, 09 Jun 2004 15:47:54 -0400, cnelson@nycap.rr.com wrote:
> (I'm not sure this is quite the right forum to ask but I hope you'll 
> bear with me though what might be an only tangentially-related
> question.)
> 
> I'm trying to get set up to use mod_ssl with Apache httpd 1.29.  For 
> various reasons, I can't get openssl to install and run on my Linux 
> system.  I was able to get Sun's keytool installed but it seems to 
> generate keys in a different format (I'm not sure how to get keytool 
> to create a server.key to put in my ssl.key directory).
> 
> I've found some web resources which talk me thought using openssl to 
> configure mod_ssl files and pages that talk about jsse vs. mod_ssl or 
> keytool vs. openssl but nothing that really helps me do what I need to 
> do: generate a self-signed certificate (and corresponding private
> key) for my web server.  Now I'm trying to understand enough to ask 
> better questions or figure out what's going wrong.
> 
> - Can I use keytool to create the files for mod_ssl?  How do I get 
> data out of a keytool keystore and into a mod_ssl ssl.key file?
> 
> - I inherited this system from someone else and don't understand why 
> he did somethings.  Like, why would I ever want a server.csr file on 
> my production system.  Isn't certificate signing something that'd be 
> done offline?
> 
> - What do I really need to run mod_ssl?  Just ssl.key/server.key and 
> ssl.crt/server/crt?  What else?  Why?
> 
> Thanks for any pointers.
> 
>                             Chris
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Generating keys for mod_ssl

Posted by Mikey <em...@empy.org>.
I recommend going to www.thawte.com and looking at their documentation 
for generating a key for Apache+mod_ssl. They have really thorough, 
easy-to-read documentation on generating keys.












-mikey

On Wed, 09 Jun 2004 15:47:54 -0400, cnelson@nycap.rr.com wrote:
> (I'm not sure this is quite the right forum to ask but I hope you'll 
> bear with me though what might be an only tangentially-related 
> question.)
> 
> I'm trying to get set up to use mod_ssl with Apache httpd 1.29.  For 
> various reasons, I can't get openssl to install and run on my Linux 
> system.  I was able to get Sun's keytool installed but it seems to 
> generate keys in a different format (I'm not sure how to get keytool 
> to create a server.key to put in my ssl.key directory).  
> 
> I've found some web resources which talk me thought using openssl to 
> configure mod_ssl files and pages that talk about jsse vs. mod_ssl or 
> keytool vs. openssl but nothing that really helps me do what I need 
> to do: generate a self-signed certificate (and corresponding private 
> key) for my web server.  Now I'm trying to understand enough to ask 
> better questions or figure out what's going wrong.
> 
> - Can I use keytool to create the files for mod_ssl?  How do I get 
> data out of a keytool keystore and into a mod_ssl ssl.key file?
> 
> - I inherited this system from someone else and don't understand why 
> he did somethings.  Like, why would I ever want a server.csr file on 
> my production system.  Isn't certificate signing something that'd be 
> done offline?
> 
> - What do I really need to run mod_ssl?  Just ssl.key/server.key and 
> ssl.crt/server/crt?  What else?  Why?
> 
> Thanks for any pointers.
> 
>                             Chris
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org