You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Cliff Woolley <cl...@yahoo.com> on 2001/12/12 06:50:39 UTC
"make certificate" Doesn't Work, Apache 2.0.28, Unix, and mod_ssl
(fwd)
Acked. Did we decide what we're going to do about this? Or is it just
waiting on somebody to do it?
--Cliff
---------- Forwarded message ----------
Date: Tue, 11 Dec 2001 21:35:49 -0800
From: Kevin McQuiggin <mc...@sfu.ca>
Reply-To: modssl-users@modssl.org
To: modssl-users@modssl.org
Subject: "make certificate" Doesn't Work, Apache 2.0.28, Unix, and mod_ssl
Hi Group:
I want to create a dummy self-signed certificate. Despite the Apache
documentation, "make certificate" in the top-level source directory doesn't
work. There's no "certificate:" target in the Makefile.
Obviously once I have things working I'll be off to Verisign or Thawte for
a real cert.
I am working with Apache 2.0.28 under FreeBSD. I tried searching the list
archive for this problem with no luck. Any info appreciated, TIA.
Kevin
---
Kevin McQuiggin VE7ZD
mcquiggi@sfu.ca
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: "make certificate" Doesn't Work, Apache 2.0.28, Unix, and mod_ssl (fwd)
Posted by Justin Erenkrantz <je...@ebuilt.com>.
On Wed, Dec 12, 2001 at 12:18:13PM -0500, Cliff Woolley wrote:
> Okay, sorry, I was confused. I didn't realize make certificate was the
> Snake Oil thing... I thought it was the script to generate a private key
> and a real CSR.
I'm not exactly sure what "make certificate" is in this context. =)
So, I may be confused.
But, if has the end result of creating a dummy certificate, that's
bad. But, if it creates a CSR, then that *might* be okay. However,
I'd rather see the whole key generation thing in the docs. Just to
make sure that people *read* the docs. And, the OpenSSL docs have
documentation for this anyway, IIRC. -- justin
Re: "make certificate" Doesn't Work, Apache 2.0.28, Unix, and mod_ssl (fwd)
Posted by "William A. Rowe, Jr." <wr...@covalent.net>.
----- Original Message -----
From: "Justin Erenkrantz" <je...@ebuilt.com>
To: <de...@httpd.apache.org>
Sent: Wednesday, December 12, 2001 12:37 AM
Subject: Re: "make certificate" Doesn't Work, Apache 2.0.28, Unix, and mod_ssl (fwd)
> On Wed, Dec 12, 2001 at 12:50:39AM -0500, Cliff Woolley wrote:
> >
> > Acked. Did we decide what we're going to do about this? Or is it just
> > waiting on somebody to do it?
>
> I think wrowe and I were of the mind that we shouldn't have any
> dummy certificates or any automated process to create a certificate.
No... I don't believe we should have a 'stock' dummy certificate of the
'snake oil' variety. If someone wanted to copy the modssl code to create
a 'temporary dummy cert' that's a different matter. Just don't try to
create dummy data for a ficticious entity as the 'snake oil' example did.
> This is a case where I believe it is best to not even try than do
> something that'll blow up in our faces later (It Worked anyone?).
:)
> I think we said that it is okay to point at a HOWTO (now do we write
> this HOWTO?). That's not really our responsibility. If you can't
> figure out how to create a certificate from the documentation, we
> don't want you running a SSL server that implicates the evil
> Snake-Oil company. =)
Exactly. If they can figure out how to create a certificate, then more
power to them (even a blow-by-blow howto would be good.) If they can't RTFM,
they are probably a long ways off from running an ssl-enabled server in
the first place (if they don't know what port 80 is, how on earth do we
expect them to netstat -an | grep "443" :-?)
Bill
Re: "make certificate" Doesn't Work, Apache 2.0.28, Unix, and
mod_ssl (fwd)
Posted by Cliff Woolley <cl...@yahoo.com>.
On Tue, 11 Dec 2001, Justin Erenkrantz wrote:
> On Wed, Dec 12, 2001 at 12:50:39AM -0500, Cliff Woolley wrote:
> >
> > Acked. Did we decide what we're going to do about this? Or is it just
> > waiting on somebody to do it?
>
> I think wrowe and I were of the mind that we shouldn't have any
> dummy certificates or any automated process to create a certificate.
> This is a case where I believe it is best to not even try than do
> something that'll blow up in our faces later (It Worked anyone?).
Okay, sorry, I was confused. I didn't realize make certificate was the
Snake Oil thing... I thought it was the script to generate a private key
and a real CSR.
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
RE: Ask about Virtual Hosts!?
Posted by Joshua Slive <jo...@slive.ca>.
> From: Tung Nguyen Thanh [mailto:tungntapache@yahoo.com]
>
> I can't run Virtual Host in Apache Webserver in Linux
> RedHat 7.0
> The site I creat in httpd.conf when I want to display
> on browser only index to a DocumentRoot of the first
> site.
>
>
> ServerRoot "/usr/local/apache"
> ServerName www.linux_vn.com
To start, underscores "_" are not a legal character in hostnames. It is a
bad idea to use them.
Second, please read http://httpd.apache.org/docs/vhosts/name-based.html
This explains in detail that the "main server" document root will never be
used for an IP
address that has name-virtual-hosting. Instead, you should setup a second
name virtual host that answers for what was the main server.
Joshua.
Ask about Virtual Hosts!?
Posted by Tung Nguyen Thanh <tu...@yahoo.com>.
I can't run Virtual Host in Apache Webserver in Linux
RedHat 7.0
The site I creat in httpd.conf when I want to display
on browser only index to a DocumentRoot of the first
site.
ServerRoot "/usr/local/apache"
ServerName www.linux_vn.com
DocumentRoot "/docs/htdocs"
# Use name-based virtual hosting.
NameVirtualHost www.linux_nt.com
<VirtualHost 209.167.130.166>
<Directory "/docs/htdocs">
Options All
AllowOverride None
Order allow,deny
Allow from all
</Directory>
servername www.linux_nt.com
errorlog /docs/logs/err_linux.log
customlog /docs/logs/cuslinux.log common
documentroot "/docs/htdocs"
directoryIndex index.html
</virtualhost>
How can I do !? Help me!
__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com
Re: "make certificate" Doesn't Work, Apache 2.0.28, Unix, and mod_ssl (fwd)
Posted by Justin Erenkrantz <je...@ebuilt.com>.
On Wed, Dec 12, 2001 at 12:50:39AM -0500, Cliff Woolley wrote:
>
> Acked. Did we decide what we're going to do about this? Or is it just
> waiting on somebody to do it?
I think wrowe and I were of the mind that we shouldn't have any
dummy certificates or any automated process to create a certificate.
This is a case where I believe it is best to not even try than do
something that'll blow up in our faces later (It Worked anyone?).
I think we said that it is okay to point at a HOWTO (now do we write
this HOWTO?). That's not really our responsibility. If you can't
figure out how to create a certificate from the documentation, we
don't want you running a SSL server that implicates the evil
Snake-Oil company. =)
Sounds like the docs need to be updated. -- justin