fail to enable SSL in Fedora :(

M E Fieu sibu168 at yahoo.com
Wed Dec 28 10:28:14 UTC 2005


Hi.. I tried to enable SSL / create a SSL Cert in my Fedora 3

I used the following to create server key 

openssl genrsa -des3 4096 >/etc/httpd/conf/ssl.key/server.key

then I make your a self signet cerificte with

openssl req -new -x509 -key /etc/httpd/conf/ssl.key/server.key -out >
/etc/httpd/conf/ssl.crt/server.crt -days 365 -utf8

and then I ensure the following entries is in my ssl.conf
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

and restart my apache,  when I surf to https://mywebsite , it state page not found.
http://mywebsite is ok.  and when I telnet port 443 to that server, it failed too.

The error_log show
[Wed Dec 28 16:08:58 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Dec 28 16:08:58 2005] [notice] LDAP: SSL support unavailable
[Wed Dec 28 16:08:58 2005] [notice] Apache/2.0.53 (Fedora) configured -- resuming normal
operations
[Wed Dec 28 17:59:16 2005] [notice] caught SIGTERM, shutting down
[Wed Dec 28 17:59:17 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Dec 28 17:59:17 2005] [notice] Digest: generating secret for digest authentication ...
[Wed Dec 28 17:59:17 2005] [notice] Digest: done

I also tried to create a CSR to submit to my windows domain Root CA to sign it
http://windowsCA/certsrv/  Can anyone tell me whether windows domain CA and sign Linux CSR?

I used the following command to create CSR of my Linux box
openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.key/server.csr

and use the server.csr content to http://windowsCA/certsrv/ and the windows CA can sign it and
return as certnew.cer.  It rename it as server.crt and move it to my linux box's
/etc/httpd/conf/ssl.crt/server.crt  and restart the apache.  Not sure whether it is right , but I
also can telnet 443 to my linux box and error message is the same as above






	
		
__________________________________ 
Yahoo! for Good - Make a difference this year. 
http://brand.yahoo.com/cybergivingweek2005/




More information about the users mailing list