Mailinglist Archive: opensuse (4208 mails)
| < Previous | Next > |
Re: [SLE] https - :D (with new certificates)
- From: steve-ss <mail@xxxxxxxxxxxx>
- Date: Tue, 6 Jul 2004 17:17:29 +0100
- Message-id: <200407061717.29986.mail@xxxxxxxxxxxx>
On Sunday 04 July 2004 09:09, scsijon wrote:
> If I understand this thread correctly.
>
> When you think you may want to add https/ssl to apache2
> you should do it before you start any "playing" about.
>
> Can I have a confirmation of this please!
>
> scsijon
>
> At 09:19 AM 3/07/2004, steve-ss wrote:
Hi.
Is there anyway of using this method with certificates I
have obtained from a non self signed source? I notice that
I only have .csr .key and .cert files. There seems to be
one missing as compared to the self generated files. I want
to get rid of the error message when using https in a
browser.
Thanks, Steve.
> > >
> > > Got something. It only works with a pristine
> > > /etc/apache2 directory, but I can reproduce a working
> > > apache2 with SSL. Basically it comes down to the
> > > steps described in README.QUICKSTART.SSL - well known
> > > by now I guess. ;)
> > >
> > > rcapache2 stop
> > >
> > > # backup:
> > > mv /etc/apache2{,.SAVE}
> > > mv /etc/sysconfig/apache2{,.SAVE}
> > >
> > > # remove apache2 (and dependent rpm's):
> > > rpm -e apache2 apache2-prefork apache2-mod_php4
> > >
> > > # we have already a backup, delete it:
> > > rpm -r /etc/apache2
> > >
> > > # install *same* rpm's as removed earlier:
> > > rpm -Uhv apache2 apache2-prefork apache2-mod_php4
> > >
> > > # make ssl conf file, using defaults:
> > > cp
> > > /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl
> > >.con f} # [editing not needed ;) ]
> > >
> > > edit /etc/sysconfig/apache2
> > > - APACHE_SERVER_FLAGS="-D SSL"
> > > - APACHE_MODULES contains "ssl"
> > >
> > > # make certificates:
> > > ####################################
> > > #### file 'mk-ssl-cert' - BEGIN ####
> > > #! /bin/sh
> > > set -x
> > >
> > > #####
> > > # Change items marked with ***
> > >
> > > # prefix (FNAME="example.org" creates
> > > example.org-server.crt, etc.)
> > >
> > > : ${FNAME=}
> > >
> > > # Common Name:
> > > : ${CN=`hostname -f`}
> > >
> > > # *** Country:
> > > : ${C=XY}
> > >
> > > # *** State or province:
> > > : ${ST=unknown}
> > >
> > > # *** Location (city):
> > > : ${L=unknown}
> > >
> > > # Organisation:
> > > : ${O=SuSE Linux Web Server}
> > >
> > > # Organisational unit:
> > > : ${U=web server}
> > >
> > > # Email address:
> > > : ${e=webmaster@$CN}
> > >
> > > gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l
> > > "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file
> > > 'mk-ssl-cert' - END ####
> > > ##################################
> > >
> > > # save above file as mk-ssl-cert, and chmod +x
> > > mk-ssl-cert mk-ssl-cert
> > >
> > > SuSEconfig --module apache2
> > > rcapache2 start
> > >
> > > http & https works. Of course the browser complaines
> > > about my certificates, but after clicking a few
> > > buttons the site is served in https mode.
> > >
> > > Key is:
> > > a pristine /etc/apache2 directory
> > > a pristine /etc/sysconfig/apache2 file
> > >
> > > Cheers,
> > >
> > > Leen
> >
> >Now it works. Give that man a big cool beer!
> >Thanks for all the effort.
> >Cheers, Steve.
> >
> >--
> >Check the headers for your unsubscription address
> >For additional commands send e-mail to
> > suse-linux-e-help@xxxxxxxx Also check the archives at
> > http://lists.suse.com Please read the FAQs:
> > suse-linux-e-faq@xxxxxxxx
> If I understand this thread correctly.
>
> When you think you may want to add https/ssl to apache2
> you should do it before you start any "playing" about.
>
> Can I have a confirmation of this please!
>
> scsijon
>
> At 09:19 AM 3/07/2004, steve-ss wrote:
Hi.
Is there anyway of using this method with certificates I
have obtained from a non self signed source? I notice that
I only have .csr .key and .cert files. There seems to be
one missing as compared to the self generated files. I want
to get rid of the error message when using https in a
browser.
Thanks, Steve.
> > >
> > > Got something. It only works with a pristine
> > > /etc/apache2 directory, but I can reproduce a working
> > > apache2 with SSL. Basically it comes down to the
> > > steps described in README.QUICKSTART.SSL - well known
> > > by now I guess. ;)
> > >
> > > rcapache2 stop
> > >
> > > # backup:
> > > mv /etc/apache2{,.SAVE}
> > > mv /etc/sysconfig/apache2{,.SAVE}
> > >
> > > # remove apache2 (and dependent rpm's):
> > > rpm -e apache2 apache2-prefork apache2-mod_php4
> > >
> > > # we have already a backup, delete it:
> > > rpm -r /etc/apache2
> > >
> > > # install *same* rpm's as removed earlier:
> > > rpm -Uhv apache2 apache2-prefork apache2-mod_php4
> > >
> > > # make ssl conf file, using defaults:
> > > cp
> > > /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl
> > >.con f} # [editing not needed ;) ]
> > >
> > > edit /etc/sysconfig/apache2
> > > - APACHE_SERVER_FLAGS="-D SSL"
> > > - APACHE_MODULES contains "ssl"
> > >
> > > # make certificates:
> > > ####################################
> > > #### file 'mk-ssl-cert' - BEGIN ####
> > > #! /bin/sh
> > > set -x
> > >
> > > #####
> > > # Change items marked with ***
> > >
> > > # prefix (FNAME="example.org" creates
> > > example.org-server.crt, etc.)
> > >
> > > : ${FNAME=}
> > >
> > > # Common Name:
> > > : ${CN=`hostname -f`}
> > >
> > > # *** Country:
> > > : ${C=XY}
> > >
> > > # *** State or province:
> > > : ${ST=unknown}
> > >
> > > # *** Location (city):
> > > : ${L=unknown}
> > >
> > > # Organisation:
> > > : ${O=SuSE Linux Web Server}
> > >
> > > # Organisational unit:
> > > : ${U=web server}
> > >
> > > # Email address:
> > > : ${e=webmaster@$CN}
> > >
> > > gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l
> > > "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file
> > > 'mk-ssl-cert' - END ####
> > > ##################################
> > >
> > > # save above file as mk-ssl-cert, and chmod +x
> > > mk-ssl-cert mk-ssl-cert
> > >
> > > SuSEconfig --module apache2
> > > rcapache2 start
> > >
> > > http & https works. Of course the browser complaines
> > > about my certificates, but after clicking a few
> > > buttons the site is served in https mode.
> > >
> > > Key is:
> > > a pristine /etc/apache2 directory
> > > a pristine /etc/sysconfig/apache2 file
> > >
> > > Cheers,
> > >
> > > Leen
> >
> >Now it works. Give that man a big cool beer!
> >Thanks for all the effort.
> >Cheers, Steve.
> >
> >--
> >Check the headers for your unsubscription address
> >For additional commands send e-mail to
> > suse-linux-e-help@xxxxxxxx Also check the archives at
> > http://lists.suse.com Please read the FAQs:
> > suse-linux-e-faq@xxxxxxxx
| < Previous | Next > |