How to make a cert Was: Certificate name problems



I hope I remember this right.... here goes:
(paths and stuff will probably differ)

I'm lazy, so I entered my country, e-mail and stuff into
/usr/local/ssl/lib/ssleay.conf first.

I'll describe 2 methods, there are probably 100 others


-------------------------
with apache-ssl's script:

run 'make-dummy-certificate' 
fill in stuff, httpsd.pem + a checksum symlink will be created.
(fill in your server url in the field: Common Name)


the make-dummy-certificate script:
cd /var/tmp
/usr/local/ssl/bin/ssleay req \
        -config /usr/local/ssl/lib/ssleay.cnf \
        -new -x509 -days 999 -nodes -out /etc/httpsd/conf/httpsd.pem \
        -keyout /etc/httpsd/conf/httpsd.pem; \
        ln -sf /etc/httpsd/conf/httpsd.pem \
        /etc/httpsd/conf/`/usr/local/ssl/bin/ssleay \
        x509 -noout -hash < /etc/httpsd/conf/httpsd.pem`.0


point apache-ssl's config directives to the pem file:
SSLCACertificatePath /etc/httpsd/conf    <- needed?
SSLCertificateFile /etc/httpsd/conf/httpsd.pem


---------------------------
with SSLeay's CA.sh script:

set up a new CA (Certificate Authority?)
CA.sh -newca
enter your CA password

create a new request
CA.sh -newreq
fill in stuff, newreq.pem will be created.
(fill in your server url in the field: Common Name)
enter your personal key password

sign the request
CA.sh -sign
enter CA password

if you do not want to enter the personal key password
every time the server starts, remove it from the key (in newreq.pem)
with ssleay rsa -in newreq.pem -out key.pem

append the key to the certificate: cat key.pem >> newcert.pem

point apache-ssl's config directive to the pem file:
SSLCACertificatePath /etc/httpsd/conf    <- needed?
SSLCertificateFile /etc/httpsd/conf/newcert.pem


maybe you have to create the symlink also... well, it won't hurt:
ssleay x509 -noout -hash < newcert.pem   --> gives e.g. 6ff777df
make the symlink:
ln -sf /etc/httpsd/conf/newcert.pem 6ff777df.0  <--- don't forget .0



-----------------------  phew


start up your server.... and cross your fingers



rzdrav@pcnet.co.nz wrote:
> 
> At 06:57 PM 7/7/98 +0200, you wrote:
> >Thanks, all!
> >Now it works like a charm.
> 
> Could you write in a couple points, how you worked it out?
> I mean from CA.sh -newca to the end
> 
> It would be very useful for the beginners.

Who isn't a beginner? :)

-- 
     Magnus Stenman     http://www.hkust.se     mailto:stone@hkust.se
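
Both methods in the message above end with a single PEM file that holds the certificate and a private key with no passphrase (-nodes, or the ssleay rsa step). The script below is an added example, not part of the original message or of SSLeay or apache-ssl: it checks such a file for a certificate block, a private key block, whether the key is encrypted, and whether an unencrypted key is readable by group or others. The names audit_pem and make_sample and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a combined certificate+key PEM file.
# audit_pem prints findings; returns 0 if clean, 1 on a warning, 2 if unreadable.
audit_pem() {
    f=$1; warn=0
    [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 2; }
    if grep -q -e '-----BEGIN CERTIFICATE-----' \
               -e '-----BEGIN X509 CERTIFICATE-----' "$f"; then
        echo "OK: certificate present"
    else
        echo "WARN: no certificate block"; warn=1
    fi
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        # Encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header (traditional
        # PEM) or a "BEGIN ENCRYPTED PRIVATE KEY" marker (PKCS#8).
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
                   -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
            echo "OK: private key is passphrase-protected"
        else
            echo "NOTE: private key is unencrypted"
            # File permissions are then the only protection for the key.
            if [ -n "$(find -H "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
                echo "WARN: unencrypted key readable by group or others"; warn=1
            fi
        fi
    else
        echo "NOTE: no private key in file"
    fi
    return "$warn"
}

# Constructed sample: placeholder bodies, not real certificate or key material.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/httpsd.pem"
chmod 644 "$tmp/httpsd.pem"; audit_pem "$tmp/httpsd.pem" || true
chmod 600 "$tmp/httpsd.pem"; audit_pem "$tmp/httpsd.pem"
rm -rf "$tmp"
```

Run against the real file as audit_pem /etc/httpsd/conf/httpsd.pem; a mode of 600 owned by the account that starts the server clears the warning.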