Posted to users@httpd.apache.org by Agnello George <ag...@gmail.com> on 2008/06/12 13:54:53 UTC

[users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Hi

I am trying to implement SSL on my Apache server for multiple domains. I
have created a self-signed certificate using the following command.

( For domain agnello.com )
openssl req -new -x509 -days 30 \
  -keyout /usr/local/apache2/conf/domains_ssl/agnello.com/server.key \
  -out /usr/local/apache2/conf/domains_ssl/agnello.com/server.crt \
  -subj '/CN=agnello.sys.qualiproj.com'

( for domain dsouza.com )
openssl req -new -x509 -days 30 \
  -keyout /usr/local/apache2/conf/domains_ssl/dsouza.com/server.key \
  -out /usr/local/apache2/conf/domains_ssl/dsouza.com/server.crt \
  -subj '/CN=dsouza.sys.qualiproj.com'


It creates:

server.key and server.crt in the following location (
/usr/local/apache2/conf/domains_ssl/agnello.com/ ) ----> agnello.com

server.key and server.crt in the following location (
/usr/local/apache2/conf/domains_ssl/dsouza.com/ ) ----> dsouza.com

In the http-vhost.conf file I have added the certificate and the key

vi  /usr/local/apache2/conf/extra/httpd-vhosts.conf

NameVirtualHost 192.168.0.244:80

NameVirtualHost 192.168.0.244:443
<VirtualHost 192.168.0.244:443>
ServerAdmin admin@agnello.sys.qualiproj.com
ServerName agnello.sys.qualiproj.com
ServerAlias www.agnello.sys.qualiproj.com
DocumentRoot /websites/agnello.com/web
SSLEngine on
SSLCertificateKeyFile /usr/local/apache2/conf/domains_ssl/agnello.com/server.key
SSLCertificateFile /usr/local/apache2/conf/domains_ssl/agnello.com/server.crt
ErrorLog /websites/agnello.com/logs/agnello.sys.qualiproj.error_log
CustomLog /websites/agnello.com/logs/agnello.sys.qualiproj.access_log common
</VirtualHost>
<VirtualHost 192.168.0.244:443>
ServerAdmin admin@nokia.sys.qualiproj.com
ServerName nokia.sys.qualiproj.com
ServerAlias www.nokia.sys.qualiproj.com
DocumentRoot /websites/nokia.com/web
SSLEngine on
SSLCertificateKeyFile /usr/local/apache2/conf/domains_ssl/nokia.com/server.key
SSLCertificateFile /usr/local/apache2/conf/domains_ssl/nokia.com/server.crt
ErrorLog /websites/nokia.com/logs/nokia.sys.qualiproj.error_log
CustomLog /websites/nokia.com/logs/nokia.sys.qualiproj.access_log common
</VirtualHost>

When I restart Apache it asks me for a pass phrase (which password do I
input here?)


Is this the way to go about creating SSL certificates for multiple domains,
or is there any other alternate way?


Awaiting your feedback!!

Thanks


-- 
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com

Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by Scott Courtney <sc...@sinenomine.net>.
On Thu, 2008-06-12 at 15:57 +0200, André Warnier wrote:
> 
> Agnello George wrote:
> >> The openssl command will always prompt you for a password. 
> 
> Just by curiosity : you cannot just enter <CR> for the pass-phrase I 
> guess, or ?

With the versions I've used, it won't accept an empty passphrase on cert
creation, but will let you remove it later.

Scott

-- 
Scott Courtney <sc...@sinenomine.net>
Sine Nomine Associates


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by André Warnier <aw...@ice-sa.com>.

Agnello George wrote:
>> The openssl command will always prompt you for a password. 

Just by curiosity : you cannot just enter <CR> for the pass-phrase I 
guess, or ?




Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by Agnello George <ag...@gmail.com>.
> The openssl command will always prompt you for a password. The trick is
> to *remove* the password afterward by passing the cert through openssl
> again. I believe the command is like this:
>
> openssl rsa -in server.crt -out server-nopasswd.crt
>
> I'm working from memory here, so check this page (or Google for a
> similar page) for details:
>
> http://www.madboa.com/geek/openssl/#key-removepass



I was able to solve my query; I just followed the instructions given on the
following page.
http://www.kooty.net/?p=27

Thank you all !!



-- 
> Regards
> Agnello Dsouza
> www.linux-vashi.blogspot.com
> www.bible-study-india.blogspot.com

Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by Scott Courtney <sc...@sinenomine.net>.
On Thu, 2008-06-12 at 18:37 +0530, Agnello George wrote:
> 
>         
>         Try re-creating your keys, but this time without entering a
>         passkey.
>         Otherwise you'll have to enter it each time you start Apache.
>  
> how is that done i use the following command to create the
> certificate 
> cd /usr/local/apache2/conf/
>  
> openssl req -new -x509 -days 30 -keyout server.key  -out server.crt
> -subj '/CN=nokia.sys.qualiproj.com'
> Enter PEM pass phrase:
>  
> How do i modify this command so that i should not be prompted for
> password !! 

The openssl command will always prompt you for a password. The trick is
to *remove* the password afterward by passing the cert through openssl
again. I believe the command is like this:

openssl rsa -in server.crt -out server-nopasswd.crt

I'm working from memory here, so check this page (or Google for a
similar page) for details:

http://www.madboa.com/geek/openssl/#key-removepass

Kind regards,

Scott

-- 
Scott Courtney <sc...@sinenomine.net>
Sine Nomine Associates
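
Added example, not part of the original message or of the pages it links to: the pass phrase protects the private key, so this sketch runs the removal step on server.key, confirms the decrypted key still belongs to server.crt and is readable only by its owner, and also shows -nodes, which writes an unencrypted key at creation time. The pass phrase, the server-nopass.key name and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Directory layout, the server-nopass.key name and the
# pass phrase are constructed for the demonstration.
PASS='pass:example-passphrase'

# make_cert DIR CN: encrypted key + 30-day self-signed cert, as in the thread.
make_cert() {
    openssl req -new -x509 -days 30 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" -passout "$PASS" 2>/dev/null
}

# make_cert_noprompt DIR CN: -nodes writes the key unencrypted, so no prompt.
make_cert_noprompt() {
    ( umask 077
      openssl req -new -x509 -days 30 -newkey rsa:2048 -nodes -subj "/CN=$2" \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

# strip_passphrase DIR: decrypt server.key into server-nopass.key (mode 0600).
strip_passphrase() {
    ( umask 077
      openssl rsa -in "$1/server.key" -passin "$PASS" \
          -out "$1/server-nopass.key" 2>/dev/null )
}

# key_is_encrypted FILE: true if the PEM header marks the key as encrypted.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# key_mode FILE: permission string, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# key_matches_cert KEY CERT: true if both carry the same public key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo in a throwaway directory.
d=$(mktemp -d)
make_cert "$d" agnello.sys.qualiproj.com && strip_passphrase "$d"
key_is_encrypted "$d/server.key" && echo "server.key: encrypted"
key_matches_cert "$d/server-nopass.key" "$d/server.crt" &&
    echo "server-nopass.key: matches server.crt, mode $(key_mode "$d/server-nopass.key")"
rm -rf "$d"
```

An unencrypted key lets Apache start unattended, so the file permissions become the only protection for the key.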




Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by Agnello George <ag...@gmail.com>.
>
> Try re-creating your keys, but this time without entering a passkey.
> Otherwise you'll have to enter it each time you start Apache.


How is that done? I use the following command to create the certificate:
cd /usr/local/apache2/conf/

openssl req -new -x509 -days 30 -keyout server.key -out server.crt \
  -subj '/CN=nokia.sys.qualiproj.com'
Enter PEM pass phrase:

How do I modify this command so that I am not prompted for a password?

Thanks !

-- 
> Regards
> Agnello Dsouza
> www.linux-vashi.blogspot.com
> www.bible-study-india.blogspot.com

Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by André Warnier <aw...@ice-sa.com>.
Hi.

Try re-creating your keys, but this time without entering a passkey.
Otherwise you'll have to enter it each time you start Apache.




Re: [users@httpd] mod_ssl: creating self signed certificate on apache for multiple domains

Posted by Krist van Besien <kr...@gmail.com>.
> Is this the way to go about creating ssl certificates for multiple domains, or is there any other alternate way ??

You can't have NameVirtualHosts with SSL support. What you are trying
won't work, unless you have the SNI patch...

Krist


--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
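
Added example, not part of the original message: without SNI the TLS handshake completes before Apache sees the Host header, so every name on one address:port is answered with the first virtual host's certificate. The check below flags address:port pairs where SSL virtual hosts name different certificate files; sample_conf is a constructed copy of the two virtual hosts from the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. sample_conf is a constructed copy of the thread's two SSL
# virtual hosts (wrapped paths joined); the check reads any config on stdin.
sample_conf() {
cat <<'EOF'
NameVirtualHost 192.168.0.244:443
<VirtualHost 192.168.0.244:443>
ServerName agnello.sys.qualiproj.com
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/domains_ssl/agnello.com/server.crt
</VirtualHost>
<VirtualHost 192.168.0.244:443>
ServerName nokia.sys.qualiproj.com
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/domains_ssl/nokia.com/server.crt
</VirtualHost>
EOF
}

# ssl_vhost_conflicts: print "ADDR:PORT COUNT NAMES" for each address:port on
# which more than one SSL virtual host presents a different certificate file.
# Only the first address of a <VirtualHost> line is considered.
ssl_vhost_conflicts() {
    awk '
    { d = tolower($1) }
    d == "<virtualhost" { addr = $2; sub(/>$/, "", addr); ssl = 0; cert = name = ""; next }
    d == "servername" { name = $2 }
    d == "sslengine" && tolower($2) == "on" { ssl = 1 }
    d == "sslcertificatefile" { cert = $2 }
    d == "</virtualhost>" && ssl && cert != "" && !((addr, cert) in seen) {
        seen[addr, cert] = 1
        names[addr] = names[addr] (n[addr]++ ? "," : "") name
    }
    END { for (a in n) if (n[a] > 1) print a, n[a], names[a] }
    '
}

sample_conf | ssl_vhost_conflicts
```

Virtual hosts that share one certificate file on the same address:port are not reported, since the client sees the same certificate whichever host answers.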
