You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Gordon Low <gl...@bigpond.net.au> on 2004/01/14 07:26:38 UTC
[users@httpd] mod_ssl setup problem
Wondered if someone can help with mod_ssl. Have been trying to "tidy up"
my ssl configuration, have been using it with perl cgi but it keeps
saying the server is not the same because I assume the certificate is
the default certificate and is using localhost.
I have some virtual domains and want to limit access to one of the
domains to particular users, this is done with .htaccess controls but
for them to change the password I want it to be secure. Bottom line is
most is in place but I am trying to tidy the ssl certificate on the
server and am installing a private certificate.
Embarassing problem I am having here is I have found the Howto in SSL
and can see in the /etc/httpd/conf.d/ssl.conf where to put the key and
the certificate but the howto mentions that I have to use a script
/sign.sh to generate the server.crt as a certificate authority, I can't
find this script. Have searched and found some makefiles associated with
openssl directories but am not sure if they are similar.
Position at the moment is I am a certificate authority and have a
certificate request but can't generate the server.crt file.
Tried to look for the source directories as it states
"a script named sign.sh is distributed with the mod_ssl
distribution (subdir pkg.contrib/). Use this script for signing."
but am having no luck.
Thanks
Gordon Low
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] mod_ssl setup problem
Posted by Ben Yau <by...@cardcommerce.com>.
> the certificate but the howto mentions that I have to use a script
> /sign.sh to generate the server.crt as a certificate authority, I can't
> find this script. Have searched and found some makefiles associated with
> openssl directories but am not sure if they are similar.
> Position at the moment is I am a certificate authority and have a
> certificate request but can't generate the server.crt file.
> Tried to look for the source directories as it states
> "a script named sign.sh is distributed with the mod_ssl
> distribution (subdir pkg.contrib/). Use this script for signing."
> but am having no luck.
>
Hey Gordon.
Did the mod_ssl come compiled with your apache ? Or did you download mod_ssl
source? And what OS are you using?
We're using redhat on an internal web server here. I checked on it and
there also is no sign.sh
I just downloaded from www.modssl.org the latest modssl source
(2.8.16-1.3.29) and it is there in the tar file:
mod_ssl-2.8.16-1.3.29/pkg.conrib/sign.sh
So that's one option.
The other is this. In the HOWTO it does say you can use the CA.sh or CA.pl
scripts instead of going through all the steps using openssl and sign.sh
Check the beginning of that section and it says:
"How can I create and use my own Certificate Authority (CA)?"
"The short answer is to use the CA.sh or CA.pl script provided by OpenSSL.
The long and manual answer is this:
1. (blah blah)
2. (blah blah)
3. "... script named sign.sh is distributed with the mod_ssl distribution
(subdir pkg.contrib/)..."
4. (blah blah)
so your other option is checking to see if CA.sh or CA.pl are on your
machine (it was on ours) and then see if you can use those instead.
Good luck.
Ben Yau
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org