Mailinglist Archive: opensuse (818 mails)

< Previous Next >
[opensuse] where should I put self-signed certificates for Apache 2 in OpenSuse 12.1
  • From: "Ted Byers" <r.ted.byers@xxxxxxxxx>
  • Date: Sun, 1 Jul 2012 16:09:43 -0400
  • Message-id: <0be001cd57c5$7504b8f0$5f0e2ad0$@gmail.com>
I tried Google, and found no consistency. I see directions, admittedly for
older versions of Suse Linux, that claim enabling SLL on apache, using
a2enmod ssl would create directories in certain places, and having executed
the above command, the directories I was told to expect are not there.

I found one set of instructions that were almost identical for Ubuntu 12.04
and Suse Linux and they both seemed to work. The httpd server restarted
fine, but because these particular instructions said nothing about
certificates, I did nothing to create new, self-signed certificates.
Consequently, I got an error on both Suse and Ubuntu vis: SSL received a
record that exceeded the maximum permissible length. (Error code:
ssl_error_rx_record_too_long). A colleague pointed me to instructions he'd
followed on Ubuntu, which did involve creating new self-signed certificates
and configuring a virtual SSL host. Following those solved the problem on
Ubuntu, but I can't use them on Suse as the programs don't appear to be
available on Suse (such as apt-get). Since Apache 2 behaved in the same way
on both systems, the problem was probably due to the certificates on both.
That said, I figure that since I have openssl installed on my Suse VM, and I
know how to use it from having created self-signed certificates for Apache2
on Windows, I ought to be able to use it to create them on Suse, but the
problem remains were to put them so that Apache2 will find them, and what
configuration file to edit to tell Apache2 where they are. While the same
series of steps for enabling SSL on Ubuntu and Suse seemed to work the same,
the result is a very different suite of directories between the two, and in
very different places. Even the suite of configuration files is different.
What gets confusing is that the different sets of instructions find by
googling, even restricting the search to documents pertaining to Suse Linux,
they differ WRT what directories ought to exist where. A perfect example.
I do a lot of CGI programming. On Windows, in the root directory, I have
an apache2 directory, and everything pertaining to Apache is in it, or a
sub-directory thereof. Not so with any Linux I have looked at so far. On
both Suse and Ubuntu, I find an apache2 directory in /etc/, but on Ubuntu,
the cgi-bin is /usr/lib/cgi-bin while on Suse Linux, it is /srv/www/cgi-bin.
On both VMs, I have found a bunch of 'certificate' directories all over the
place, but which application installed and uses them I have no idea. I
certainly do not want to be messing with them at least until I know why they
exist and what uses them.

I reasoned that a quick HOWTO document ought to address this, so I opened
httpd.conf on the Suse box, and found the following:

# Quickstart guide:
# http://en.opensuse.org/Apache_Quickstart_HOWTO

Alas, when I went to it, it was EMPTY! So much for being able to read
useful documentation. The page actually directed me to search for the page
and here is what I got from that:

==========Search
results=================================================================
tagline: From openSUSE
Top of Form

. Content pages
. Multimedia
. Help and Project pages
. Everything
. Advanced

Bottom of Form
There were no results matching the query.
Create the page "All:Apache Quickstart HOWTO~" on this wiki!
Retrieved from
"http://en.opensuse.org/Special:Search/all:Apache_Quickstart_HOWTO%7E";
============================================================================
============


BTW: I used yast to install all the servers I routinely work with, expecting
it to put them in a relatively standard location (on the assumption the
default locations would be reasonably secure), but finding stuff is proving
to be a challenge. And I don't want to be putting stuff in the wrong places
lest I compromise the security of the machines (i.e. I don't want to get
used to having stuff in the wrong places lest, when I deploy my stuff to a
production server, I compromise that machine).

Might I suggest someone connected to opensuse.org start prodding people who
know to put together some quickstart HOWTO documents for a suite of 'tasks',
such as setting up a LAMP machine (perhaps with an extended version dealing
with setting up SVN and Redmine on a LAMP server), improving the security of
a system using snort and/or apparmour (but that I mean either individually
or a combination of the two), setting up Wordpress on a LAMP machine, or
osCommerce (or competing online commerce product), just to name a few I
would be interested in reading (and if you want someone to test a procedure,
I'd be happy to set up a virgin VM with a vanilla install of either Gnome or
KDE, and apply the procedures described, and provide feedback to the authors
of such documents. I'd start writing them up, if I had the knowledge, but I
don't have that knowledge, yet.

In the meantime, a little wisdom WRT where to put the self-signed
certificates I can make using openssl and what configuration file in
/etc.apache2 to edit in order to tell apache about them, would be greatly
appreciated.

Cheers

Ted



--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups