You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by cc...@netscape.net on 2002/09/15 10:25:53 UTC

[users@httpd] need help: httpd: with SSL - howto ?!

Hi,

When I start httpd using: apachectl startssl,
I get errors:

[Sun Sep 15 01:11:39 2002] [error] mod_ssl: Init: (localhost) Unable to configure RSA server private key (OpenSSL library error follows)
[Sun Sep 15 01:11:39 2002] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

However, I checked keys look okay, I was able to decipher via command:

openssl x509 -noout -text -in server.crt

Any suggestions ?

Thank you,


__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp 

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] need help: httpd: with SSL - howto ?!

Posted by Werner Schalk <we...@gmx.de>.

Hello,

I use the following commands to create and
sign my ssl stuff:

a) Create a encrypted private key (1024 bit) for the server
(choose an appropriate pass phrase like "tOdAy iS A good n8 TO
...(whatever)":
# /usr/local/openssl-0.9.6g/bin/openssl genrsa -out server.key -des3
1024

b) Create a request (server.csr) and send this request to Versign,
Thawte or
any other institution:
# /usr/local/openssl-0.9.6g/bin/openssl req -new -key server.key -out
server.csr

c) If you don't want to pay Verisign, sign yourself for one year:
# /usr/local/openssl-0.9.6g/bin/openssl req -new -x509 -days 365 -key
server.key -out server.crt

d) ...that's it!

Bye,
Werner.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org