You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Turner <to...@johnturner.com> on 2003/04/08 16:56:54 UTC

[OFF-TOPIC] Re: SSL and Apache!!!!!!

On Tue, 8 Apr 2003 09:27:50 -0400, RK Paleru <rp...@uncc.edu> wrote:

>
> Things Done by Me:
>
> 1. I thought I had two options of either installing SSL using (i) Apache- 
> SSL
> or (ii) mod_ssl with OpenSSL.

If you are using Apache 1.3.x, you need mod_ssl.  If you are using Apache 
2, mod_ssl has been included.  To see if you have mod_ssl enabled, do 
"/path/to/apache/bin/httpd -l"

> 2. I chose the second option of mod_ssl with Open SSL. (though am not 
> sure
> now if the version of mod_ssl is only for Apache 1.3.x when I actually 
> have
> 2.0.43)

See above.

> 3. I downloaded mod_ssl actually and OpenSSL and followd step by step of 
> the
> steps suggested in this
> site....http://raibledesigns.com/tomcat/ssl-howto.html

OK

> 4. When I ran "openssl req -new -out server.csr" I get the Keys Generated
> but get an error saying that some environment variable may not be set.

What environment variable?  OPENSSL_CONF?  If OPENSSL_CONF, did you read 
the errata at Matt Raible's site?

> 6. I am using Windows 2000 Professional Server
>

OK

> Things needing Clarification:
>
> 1. Any help in finding out which connector I am using for Apache - Tomcat
> talking (Jk or JK2) might be helpful (not a must to help).

Which did you install?  Which one does Apache load?  Which properties files 
are you using, workers.properties or jk2.properties?  Does your Apache 
config have "JkMount" in it or "JkUriSet" or nothing?

> 2. Is mod_ssl for Apache 1.3.X or for even 2.0.X. I see from mod_ssl 
> sites
> that mod_ssl is only for 1.3.x....... What is the latest way in dealing 
> with
> installing SSL for my Apache????

This is covered to some length on Matt's site.  Under section 2, "getting 
OpenSSL", it says "(You can get the 2.0.42 version at 
http://hunter.campbus.com/, older packages are also available at 
http://hunter.campbus.com). Download and unzip it to a new directory. "

I just checked there and the site owner offers a file called Apache_2.0.45- 
Openssl_0.9.7a-Win32.zip which seems to be exactly what you would need.

> 3. How to go about accomplishing the setting up and generate / publish 
> keys
> / certificates.

This would be openssl related, and covered in the openssl docs.  Also 
covered in section 3 of Matt's document: "Creating a test certificate".  
For example, to create a self-signed certificate that expires in one year 
and that your users can install in their browsers:

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 
365

>
> regards
>
> RK
>

John



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org