fail to enable SSL in Fedora :(
Craig White
craigwhite at azapple.com
Wed Dec 28 12:55:02 UTC 2005
On Wed, 2005-12-28 at 02:28 -0800, M E Fieu wrote:
> Hi.. I tried to enable SSL / create a SSL Cert in my Fedora 3
>
> I used the following to create server key
>
> openssl genrsa -des3 4096 >/etc/httpd/conf/ssl.key/server.key
>
> then I make your a self signet cerificte with
>
> openssl req -new -x509 -key /etc/httpd/conf/ssl.key/server.key -out >
> /etc/httpd/conf/ssl.crt/server.crt -days 365 -utf8
>
> and then I ensure the following entries is in my ssl.conf
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
>
> and restart my apache, when I surf to https://mywebsite , it state page not found.
> http://mywebsite is ok. and when I telnet port 443 to that server, it failed too.
>
> The error_log show
> [Wed Dec 28 16:08:58 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Dec 28 16:08:58 2005] [notice] LDAP: SSL support unavailable
> [Wed Dec 28 16:08:58 2005] [notice] Apache/2.0.53 (Fedora) configured -- resuming normal
> operations
> [Wed Dec 28 17:59:16 2005] [notice] caught SIGTERM, shutting down
> [Wed Dec 28 17:59:17 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Wed Dec 28 17:59:17 2005] [notice] Digest: generating secret for digest authentication ...
> [Wed Dec 28 17:59:17 2005] [notice] Digest: done
>
> I also tried to create a CSR to submit to my windows domain Root CA to sign it
> http://windowsCA/certsrv/ Can anyone tell me whether windows domain CA and sign Linux CSR?
>
> I used the following command to create CSR of my Linux box
> openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.key/server.csr
>
> and use the server.csr content to http://windowsCA/certsrv/ and the windows CA can sign it and
> return as certnew.cer. It rename it as server.crt and move it to my linux box's
> /etc/httpd/conf/ssl.crt/server.crt and restart the apache. Not sure whether it is right , but I
> also can telnet 443 to my linux box and error message is the same as above
----
this is how I do it.
cd /usr/share/ssl/certs
openssl genrsa -des3 -out ca.key 2048
openssl genrsa -des3 -out server.key 1024
#### generate web server certificate ####
openssl rsa -in server.key -out server.key.unsecure
openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
-key server.key.unsecure -out server.crt
rm -fr /etc/httpd/conf/ssl.crt/server.crt
cp server.crt /etc/httpd/conf/ssl.crt/
rm -fr /etc/httpd/conf/ssl.key/server.key
cp server.key.unsecure /etc/httpd/conf/ssl.key/server.key
YMMV
Craig
More information about the users
mailing list