fail to enable SSL in Fedora :(

M E Fieu sibu168 at yahoo.com
Wed Dec 28 15:07:27 UTC 2005


--- Craig White <craigwhite at azapple.com> wrote:
> On Wed, 2005-12-28 at 02:28 -0800, M E Fieu wrote:
> > Hi.. I tried to enable SSL / create a SSL Cert in my Fedora 3
> > 
> > I used the following to create server key 
> > 
> > openssl genrsa -des3 4096 >/etc/httpd/conf/ssl.key/server.key
> > 
> > then I make your a self signet cerificte with
> > 
> > openssl req -new -x509 -key /etc/httpd/conf/ssl.key/server.key -out >
> > /etc/httpd/conf/ssl.crt/server.crt -days 365 -utf8
> > 
> > and then I ensure the following entries is in my ssl.conf
> > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> > 
> > and restart my apache,  when I surf to https://mywebsite , it state page not found.
> > http://mywebsite is ok.  and when I telnet port 443 to that server, it failed too.
> > 
> > The error_log show
> > [Wed Dec 28 16:08:58 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
> > [Wed Dec 28 16:08:58 2005] [notice] LDAP: SSL support unavailable
> > [Wed Dec 28 16:08:58 2005] [notice] Apache/2.0.53 (Fedora) configured -- resuming normal
> > operations
> > [Wed Dec 28 17:59:16 2005] [notice] caught SIGTERM, shutting down
> > [Wed Dec 28 17:59:17 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Wed Dec 28 17:59:17 2005] [notice] Digest: generating secret for digest authentication ...
> > [Wed Dec 28 17:59:17 2005] [notice] Digest: done
> > 
> > I also tried to create a CSR to submit to my windows domain Root CA to sign it
> > http://windowsCA/certsrv/  Can anyone tell me whether windows domain CA and sign Linux CSR?
> > 
> > I used the following command to create CSR of my Linux box
> > openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out
> /etc/httpd/conf/ssl.key/server.csr
> > 
> > and use the server.csr content to http://windowsCA/certsrv/ and the windows CA can sign it and
> > return as certnew.cer.  It rename it as server.crt and move it to my linux box's
> > /etc/httpd/conf/ssl.crt/server.crt  and restart the apache.  Not sure whether it is right ,
> but I
> > also can't telnet 443 to my linux box and error message is the same as above
> ----
> this is how I do it.
> 
> cd /usr/share/ssl/certs
> 
> openssl genrsa -des3 -out ca.key 2048
> openssl genrsa -des3 -out server.key 1024
> 
> #### generate web server certificate ####
> openssl rsa -in server.key -out server.key.unsecure
> openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
> -key server.key.unsecure -out server.crt
> rm -fr /etc/httpd/conf/ssl.crt/server.crt
> cp server.crt /etc/httpd/conf/ssl.crt/
> rm -fr /etc/httpd/conf/ssl.key/server.key
> cp server.key.unsecure /etc/httpd/conf/ssl.key/server.key

Hi.. thanks I have followed what you have shown me but I still get the same error message and I
can't telnet 443 to my box same as before. :(

can you tell me what is mean by "openssl rsa -in server.key -out server.key.unsecure", what is
"in" and "out" and what is the difference between server.key and server.key.unsecure ???

also "openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \ -key
server.key.unsecure -out server.crt"

it mean CA to signing server.crt with server private key server.key.unsecure?  Why ca.key that
created has never been used in the process?  



	
		
__________________________________ 
Yahoo! for Good - Make a difference this year. 
http://brand.yahoo.com/cybergivingweek2005/




More information about the fedora-list mailing list