I have apache2 and openssl installed and am trying to work out what to do next. I have certificates from www.kcmria.com three of them. One ending in .csr another ends in .key and the third with .cert. I have 443 open on my firewall. What do I do next? All the references on google seem to be for directories that don't exist on SuSE 9.1. Is there a simple stage by stage howto or am I getting close enough to be able to get help from the list? TIA Steve.
On Wednesday 30 June 2004 10:29, steve-ss wrote:
I have apache2 and openssl installed and am trying to work out what to do next. I have certificates from www.kcmria.com three of them. One ending in .csr another ends in .key and the third with .cert. I have 443 open on my firewall.
What do I do next?
Try: 1) /usr/share/doc/packages/apache2 2) YOU 3) YaST -> Network Services -> HTTP Server Cheers, Leen
You need to put in /etc/sysconfig/apache2
APACHE_SERVER_FLAGS="-D SSL"
and APACHE_MODULES must contain ssl
You also need to copy the various files in /etc/apache2/ssl.key/ and
/etc/apache2/ssl.crt/
And, if you want to use virtual host:
- NameVirtualHost your_ip_address:443
- In /etc/apache2/vhost.d, copy the ssl template and modify it
Gaël
Leendert Meyer
On Wednesday 30 June 2004 10:29, steve-ss wrote:
I have apache2 and openssl installed and am trying to work out what to do next. I have certificates from www.kcmria.com three of them. One ending in .csr another ends in .key and the third with .cert. I have 443 open on my firewall.
What do I do next?
Try: 1) /usr/share/doc/packages/apache2 2) YOU 3) YaST -> Network Services -> HTTP Server
Cheers,
Leen
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Thursday 01 July 2004 07:20, g.lams@itcilo.org wrote:
You need to put in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS="-D SSL"
and APACHE_MODULES must contain ssl You also need to copy the various files in /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/
And, if you want to use virtual host: - NameVirtualHost your_ip_address:443 - In /etc/apache2/vhost.d, copy the ssl template and modify it
Gaël
Hi and thanks for the help. Still no joy. I copied the certificates to /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/ I renamed the certificates to server.key server.crt. but when I put APACHE_SERVER_FLAGS="-D SSL" and do a rcapache2 startssl apache2 won't start. If I remove that line it will start but not with ssl. Any ideas? Thanks, Steve.
On Thursday 01 July 2004 15:25, steve-ss wrote:
On Thursday 01 July 2004 07:20, g.lams@itcilo.org wrote:
You need to put in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS="-D SSL"
and APACHE_MODULES must contain ssl You also need to copy the various files in /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/
And, if you want to use virtual host: - NameVirtualHost your_ip_address:443 - In /etc/apache2/vhost.d, copy the ssl template and modify it
Gaël
Hi and thanks for the help. Still no joy. I copied the certificates to /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/ I renamed the certificates to server.key server.crt. but when I put APACHE_SERVER_FLAGS="-D SSL" and do a rcapache2 startssl apache2 won't start. If I remove that line it will start but not with ssl. Any ideas?
Did you do a 'SuSEconfig --module apache2' after changing /etc/sysconfig/apache2 or /etc/apache2/*? Did you have a look at the log files in /var/log/apache2 (and perhaps /var/log/{messages,warn})? Cheers, Leen
On Thursday 01 July 2004 13:08, Leendert Meyer wrote:
On Thursday 01 July 2004 15:25, steve-ss wrote:
On Thursday 01 July 2004 07:20, g.lams@itcilo.org wrote:
You need to put in /etc/sysconfig/apache2 APACHE_SERVER_FLAGS="-D SSL"
and APACHE_MODULES must contain ssl You also need to copy the various files in /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/
And, if you want to use virtual host: - NameVirtualHost your_ip_address:443 - In /etc/apache2/vhost.d, copy the ssl template and modify it
Gaël
Hi and thanks for the help. Still no joy. I copied the certificates to /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/ I renamed the certificates to server.key server.crt. but when I put APACHE_SERVER_FLAGS="-D SSL" and do a rcapache2 startssl apache2 won't start. If I remove that line it will start but not with ssl. Any ideas?
Did you do a 'SuSEconfig --module apache2' after changing /etc/sysconfig/apache2 or /etc/apache2/*?
Did you have a look at the log files in /var/log/apache2 (and perhaps /var/log/{messages,warn})?
Cheers,
Hi. No I didn't. I now have though and now and still it won't start. Here are the errors: [Thu Jul 01 14:19:54 2004] [notice] Apache/2.0.49 (Linux/SuSE) configured -- resuming normal operations [Thu Jul 01 14:20:10 2004] [notice] caught SIGTERM, shutting down [Thu Jul 01 14:20:15 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] [Thu Jul 01 14:20:24 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] [Thu Jul 01 14:20:34 2004] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Thu Jul 01 14:20:34 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2) [ My certificates are called: www.kcmria.com.cert www.kcmria.com.csr www.kcmria.com.key I put these into the respective directories under /etc/apache2/ssl.crt /etc/apache2/ssl.csr /etc/apache2/ssl.key Is that correct or must I do something else with them? Thanks, Steve.
Once you put the certificates in the respective directorie, you need also
to indicate in apache's configuration file to use those certificates. In
fact the error says "no certificate configured".
You need to put something like:
# Server Certificate:
SSLCertificateFile /etc/apache2/ssl.crt/your_name.crt
# Server Private Key:
SSLCertificateKeyFile /etc/apache2/ssl.key/your_name.key
In my case, I've a virtual host define in
/etc/apache2/vhost.d/tomcat-ssl.conf, more or less like:
<IfDefine SSL>
On Thursday 01 July 2004 17:58, steve-ss wrote:
[Thu Jul 01 14:20:15 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] [Thu Jul 01 14:20:24 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] [Thu Jul 01 14:20:34 2004] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Thu Jul 01 14:20:34 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2) [
My certificates are called: www.kcmria.com.cert www.kcmria.com.csr www.kcmria.com.key
I put these into the respective directories under /etc/apache2/ssl.crt /etc/apache2/ssl.csr /etc/apache2/ssl.key
Is that correct or must I do something else with them? Thanks, Steve.
Please read this file: /usr/share/doc/packages/apache2/README.QUICKSTART.SSL and go with the defaults. If you've got it working, you can try to change it. Note: there is also a paragraph 'Troubleshooting'. ;) Cheers, Leen
On Thursday 01 July 2004 15:59, Leendert Meyer wrote:
On Thursday 01 July 2004 17:58, steve-ss wrote:
[Thu Jul 01 14:20:15 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] [Thu Jul 01 14:20:24 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] [Thu Jul 01 14:20:34 2004] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Thu Jul 01 14:20:34 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2) [
My certificates are called: www.kcmria.com.cert www.kcmria.com.csr www.kcmria.com.key
I put these into the respective directories under /etc/apache2/ssl.crt /etc/apache2/ssl.csr /etc/apache2/ssl.key
Is that correct or must I do something else with them? Thanks, Steve.
Please read this file:
/usr/share/doc/packages/apache2/README.QUICKSTART.SSL
Hi. I've followed that to the letter. There were no error messages when running the scripts and the certificates seem to be in place now. I have run SuSEconfig but I still get the error after rcapache2 restart: Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) startproc: exit status of parent of /usr/sbin/httpd2-prefork: 1 failed The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down [Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] Really sorry but just can't figure this one out for myself. Cheers, Steve.
On Friday 02 July 2004 15:07, steve-ss wrote:
The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down [Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
Really sorry but just can't figure this one out for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour. Cheers, Leen
On Friday 02 July 2004 14:39, Leendert Meyer wrote:
On Friday 02 July 2004 15:07, steve-ss wrote:
The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down
This is no problem, apache is just shutting down.
[Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
Yup. Got this too, but all seems well.
Really sorry but just can't figure this one out for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour.
Up until now I can only confirm that I got the same error message. :(( This used to work in 9.0 AFAIK. I'll look into this further this evening, and see what has changed. Cheers, Leen
On Friday 02 July 2004 16:30, Leendert Meyer wrote:
On Friday 02 July 2004 14:39, Leendert Meyer wrote:
On Friday 02 July 2004 15:07, steve-ss wrote:
The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down
This is no problem, apache is just shutting down.
[Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
Yup. Got this too, but all seems well.
Really sorry but just can't figure this one out for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour.
Up until now I can only confirm that I got the same error message. :(( This used to work in 9.0 AFAIK.
I'll look into this further this evening, and see what has changed.
Cheers,
Leen
Hi. Thanks a million for testing this for me. The problem is that I still can't serve any files (either http ot https) as apache will not restart. If I lose the -D SSL then at least it will serve http. Steve.
On Friday 02 July 2004 19:19, steve-ss wrote:
On Friday 02 July 2004 16:30, Leendert Meyer wrote:
On Friday 02 July 2004 14:39, Leendert Meyer wrote:
On Friday 02 July 2004 15:07, steve-ss wrote:
The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down
This is no problem, apache is just shutting down.
[Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
Yup. Got this too, but all seems well.
Really sorry but just can't figure this one out for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour.
Up until now I can only confirm that I got the same error message. :(( This used to work in 9.0 AFAIK.
I'll look into this further this evening, and see what has changed.
Cheers,
Leen
Hi. Thanks a million for testing this for me. The problem is that I still can't serve any files (either http ot https) as apache will not restart. If I lose the -D SSL then at least it will serve http. Steve.
Got something. It only works with a pristine /etc/apache2 directory, but I can reproduce a working apache2 with SSL. Basically it comes down to the steps described in README.QUICKSTART.SSL - well known by now I guess. ;) rcapache2 stop # backup: mv /etc/apache2{,.SAVE} mv /etc/sysconfig/apache2{,.SAVE} # remove apache2 (and dependent rpm's): rpm -e apache2 apache2-prefork apache2-mod_php4 # we have already a backup, delete it: rpm -r /etc/apache2 # install *same* rpm's as removed earlier: rpm -Uhv apache2 apache2-prefork apache2-mod_php4 # make ssl conf file, using defaults: cp /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl.conf} # [editing not needed ;) ] edit /etc/sysconfig/apache2 - APACHE_SERVER_FLAGS="-D SSL" - APACHE_MODULES contains "ssl" # make certificates: #################################### #### file 'mk-ssl-cert' - BEGIN #### #! /bin/sh set -x ##### # Change items marked with *** # prefix (FNAME="example.org" creates example.org-server.crt, etc.) : ${FNAME=} # Common Name: : ${CN=`hostname -f`} # *** Country: : ${C=XY} # *** State or province: : ${ST=unknown} # *** Location (city): : ${L=unknown} # Organisation: : ${O=SuSE Linux Web Server} # Organisational unit: : ${U=web server} # Email address: : ${e=webmaster@$CN} gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file 'mk-ssl-cert' - END #### ################################## # save above file as mk-ssl-cert, and chmod +x mk-ssl-cert mk-ssl-cert SuSEconfig --module apache2 rcapache2 start http & https works. Of course the browser complaines about my certificates, but after clicking a few buttons the site is served in https mode. Key is: a pristine /etc/apache2 directory a pristine /etc/sysconfig/apache2 file Cheers, Leen
On Friday 02 July 2004 20:45, you wrote:
On Friday 02 July 2004 19:19, steve-ss wrote:
On Friday 02 July 2004 16:30, Leendert Meyer wrote:
On Friday 02 July 2004 14:39, Leendert Meyer wrote:
On Friday 02 July 2004 15:07, steve-ss wrote:
The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down
This is no problem, apache is just shutting down.
[Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
Yup. Got this too, but all seems well.
Really sorry but just can't figure this one out for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour.
Up until now I can only confirm that I got the same error message. :(( This used to work in 9.0 AFAIK.
I'll look into this further this evening, and see what has changed.
Cheers,
Leen
Hi. Thanks a million for testing this for me. The problem is that I still can't serve any files (either http ot https) as apache will not restart. If I lose the -D SSL then at least it will serve http. Steve.
Got something. It only works with a pristine /etc/apache2 directory, but I can reproduce a working apache2 with SSL. Basically it comes down to the steps described in README.QUICKSTART.SSL - well known by now I guess. ;)
rcapache2 stop
# backup: mv /etc/apache2{,.SAVE} mv /etc/sysconfig/apache2{,.SAVE}
# remove apache2 (and dependent rpm's): rpm -e apache2 apache2-prefork apache2-mod_php4
# we have already a backup, delete it: rpm -r /etc/apache2
# install *same* rpm's as removed earlier: rpm -Uhv apache2 apache2-prefork apache2-mod_php4
# make ssl conf file, using defaults: cp /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl.con f} # [editing not needed ;) ]
edit /etc/sysconfig/apache2 - APACHE_SERVER_FLAGS="-D SSL" - APACHE_MODULES contains "ssl"
# make certificates: #################################### #### file 'mk-ssl-cert' - BEGIN #### #! /bin/sh set -x
##### # Change items marked with ***
# prefix (FNAME="example.org" creates example.org-server.crt, etc.)
: ${FNAME=}
# Common Name: : ${CN=`hostname -f`}
# *** Country: : ${C=XY}
# *** State or province: : ${ST=unknown}
# *** Location (city): : ${L=unknown}
# Organisation: : ${O=SuSE Linux Web Server}
# Organisational unit: : ${U=web server}
# Email address: : ${e=webmaster@$CN}
gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file 'mk-ssl-cert' - END #### ##################################
# save above file as mk-ssl-cert, and chmod +x mk-ssl-cert mk-ssl-cert
SuSEconfig --module apache2 rcapache2 start
http & https works. Of course the browser complaines about my certificates, but after clicking a few buttons the site is served in https mode.
Key is: a pristine /etc/apache2 directory a pristine /etc/sysconfig/apache2 file
Cheers,
Leen
Now it works. Give that man a big cool beer! Thanks for all the effort. Cheers, Steve.
If I understand this thread correctly. When you think you may want to add https/ssl to apache2 you should do it before you start any "playing" about. Can I have a confirmation of this please! scsijon At 09:19 AM 3/07/2004, steve-ss wrote:
On Friday 02 July 2004 20:45, you wrote:
On Friday 02 July 2004 19:19, steve-ss wrote:
On Friday 02 July 2004 16:30, Leendert Meyer wrote:
On Friday 02 July 2004 14:39, Leendert Meyer wrote:
On Friday 02 July 2004 15:07, steve-ss wrote:
The error log still shows: [Fri Jul 02 13:58:32 2004] [notice] caught SIGTERM, shutting down
This is no problem, apache is just shutting down.
[Fri Jul 02 13:58:33 2004] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
Yup. Got this too, but all seems well.
Really sorry but just can't figure this one out for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour.
Up until now I can only confirm that I got the same error message. :(( This used to work in 9.0 AFAIK.
I'll look into this further this evening, and see what has changed.
Cheers,
Leen
Hi. Thanks a million for testing this for me. The problem is that I still can't serve any files (either http ot https) as apache will not restart. If I lose the -D SSL then at least it will serve http. Steve.
Got something. It only works with a pristine /etc/apache2 directory, but I can reproduce a working apache2 with SSL. Basically it comes down to the steps described in README.QUICKSTART.SSL - well known by now I guess. ;)
rcapache2 stop
# backup: mv /etc/apache2{,.SAVE} mv /etc/sysconfig/apache2{,.SAVE}
# remove apache2 (and dependent rpm's): rpm -e apache2 apache2-prefork apache2-mod_php4
# we have already a backup, delete it: rpm -r /etc/apache2
# install *same* rpm's as removed earlier: rpm -Uhv apache2 apache2-prefork apache2-mod_php4
# make ssl conf file, using defaults: cp /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl.con f} # [editing not needed ;) ]
edit /etc/sysconfig/apache2 - APACHE_SERVER_FLAGS="-D SSL" - APACHE_MODULES contains "ssl"
# make certificates: #################################### #### file 'mk-ssl-cert' - BEGIN #### #! /bin/sh set -x
##### # Change items marked with ***
# prefix (FNAME="example.org" creates example.org-server.crt, etc.)
: ${FNAME=}
# Common Name: : ${CN=`hostname -f`}
# *** Country: : ${C=XY}
# *** State or province: : ${ST=unknown}
# *** Location (city): : ${L=unknown}
# Organisation: : ${O=SuSE Linux Web Server}
# Organisational unit: : ${U=web server}
# Email address: : ${e=webmaster@$CN}
gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file 'mk-ssl-cert' - END #### ##################################
# save above file as mk-ssl-cert, and chmod +x mk-ssl-cert mk-ssl-cert
SuSEconfig --module apache2 rcapache2 start
http & https works. Of course the browser complaines about my certificates, but after clicking a few buttons the site is served in https mode.
Key is: a pristine /etc/apache2 directory a pristine /etc/sysconfig/apache2 file
Cheers,
Leen
Now it works. Give that man a big cool beer! Thanks for all the effort. Cheers, Steve.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Sunday 04 July 2004 10:09, scsijon wrote:
If I understand this thread correctly.
When you think you may want to add https/ssl to apache2 you should do it before you start any "playing" about.
Can I have a confirmation of this please!
Well, that's what I discovered. But I did not try to figure out why, there must be a reason for it. Cheers, Leen -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
I dont thin kbecause I had an already working apache 2 (on SuSe 9.0)
server, with 2 virtual hosts serving zope and tomcat, which mean I already
played with it but I was able later (a few months later) to configure
https with self-signed certificate, more or less following the README
(when I configured SSL I didn't know that this document existed so I
googled to help me setting ssl).
I don't know if it has sense but I have the impression that people having
problems were using SuSE 9.1. Is it possible? Something different in the
setup of apache 2 between both versions?
Gaël
scsijon
If I understand this thread correctly.
When you think you may want to add https/ssl to apache2 you should do it
before you start any "playing" about.
Can I have a confirmation of this please!
scsijon
At 09:19 AM 3/07/2004, steve-ss wrote:
On Friday 02 July 2004 20:45, you wrote:
On Friday 02 July 2004 19:19, steve-ss wrote:
On Friday 02 July 2004 16:30, Leendert Meyer wrote:
On Friday 02 July 2004 14:39, Leendert Meyer wrote:
On Friday 02 July 2004 15:07, steve-ss wrote: > The error log still shows: > [Fri Jul 02 13:58:32 2004] [notice] caught > SIGTERM, shutting down
This is no problem, apache is just shutting down.
> [Fri Jul 02 13:58:33 2004] [error] Server should > be SSL-aware but has no certificate configured > [Hint: SSLCertificateFile]
Yup. Got this too, but all seems well.
> Really sorry but just can't figure this one out > for myself.
Ok, hang on, I'll try it myself with an unconfigured apache2. I hope to report back within the next hour.
Up until now I can only confirm that I got the same error message. :(( This used to work in 9.0 AFAIK.
I'll look into this further this evening, and see what has changed.
Cheers,
Leen
Hi. Thanks a million for testing this for me. The problem is that I still can't serve any files (either http ot https) as apache will not restart. If I lose the -D SSL then at least it will serve http. Steve.
Got something. It only works with a pristine /etc/apache2 directory, but I can reproduce a working apache2 with SSL. Basically it comes down to the steps described in README.QUICKSTART.SSL - well known by now I guess. ;)
rcapache2 stop
# backup: mv /etc/apache2{,.SAVE} mv /etc/sysconfig/apache2{,.SAVE}
# remove apache2 (and dependent rpm's): rpm -e apache2 apache2-prefork apache2-mod_php4
# we have already a backup, delete it: rpm -r /etc/apache2
# install *same* rpm's as removed earlier: rpm -Uhv apache2 apache2-prefork apache2-mod_php4
# make ssl conf file, using defaults: cp /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl.con f} # [editing not needed ;) ]
edit /etc/sysconfig/apache2 - APACHE_SERVER_FLAGS="-D SSL" - APACHE_MODULES contains "ssl"
# make certificates: #################################### #### file 'mk-ssl-cert' - BEGIN #### #! /bin/sh set -x
##### # Change items marked with ***
# prefix (FNAME="example.org" creates example.org-server.crt, etc.)
: ${FNAME=}
# Common Name: : ${CN=`hostname -f`}
# *** Country: : ${C=XY}
# *** State or province: : ${ST=unknown}
# *** Location (city): : ${L=unknown}
# Organisation: : ${O=SuSE Linux Web Server}
# Organisational unit: : ${U=web server}
# Email address: : ${e=webmaster@$CN}
gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file 'mk-ssl-cert' - END #### ##################################
# save above file as mk-ssl-cert, and chmod +x mk-ssl-cert mk-ssl-cert
SuSEconfig --module apache2 rcapache2 start
http & https works. Of course the browser complaines about my certificates, but after clicking a few buttons the site is served in https mode.
Key is: a pristine /etc/apache2 directory a pristine /etc/sysconfig/apache2 file
Cheers,
Leen
Now it works. Give that man a big cool beer! Thanks for all the effort. Cheers, Steve.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Monday 05 July 2004 08:48, g.lams@itcilo.org wrote:
I don't know if it has sense but I have the impression that people having problems were using SuSE 9.1.
Indeed. See the 1st mail of this thread. Cheers, Leen -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
On Sunday 04 July 2004 09:09, scsijon wrote:
If I understand this thread correctly.
When you think you may want to add https/ssl to apache2 you should do it before you start any "playing" about.
Can I have a confirmation of this please!
scsijon
At 09:19 AM 3/07/2004, steve-ss wrote: Hi. Is there anyway of using this method with certificates I have obtained from a non self signed source? I notice that I only have .csr .key and .cert files. There seems to be one missing as compared to the self generated files. I want to get rid of the error message when using https in a browser.
Thanks, Steve.
Got something. It only works with a pristine /etc/apache2 directory, but I can reproduce a working apache2 with SSL. Basically it comes down to the steps described in README.QUICKSTART.SSL - well known by now I guess. ;)
rcapache2 stop
# backup: mv /etc/apache2{,.SAVE} mv /etc/sysconfig/apache2{,.SAVE}
# remove apache2 (and dependent rpm's): rpm -e apache2 apache2-prefork apache2-mod_php4
# we have already a backup, delete it: rpm -r /etc/apache2
# install *same* rpm's as removed earlier: rpm -Uhv apache2 apache2-prefork apache2-mod_php4
# make ssl conf file, using defaults: cp /etc/apache2/vhosts.d/{vhost-ssl.template,default-ssl .con f} # [editing not needed ;) ]
edit /etc/sysconfig/apache2 - APACHE_SERVER_FLAGS="-D SSL" - APACHE_MODULES contains "ssl"
# make certificates: #################################### #### file 'mk-ssl-cert' - BEGIN #### #! /bin/sh set -x
##### # Change items marked with ***
# prefix (FNAME="example.org" creates example.org-server.crt, etc.)
: ${FNAME=}
# Common Name: : ${CN=`hostname -f`}
# *** Country: : ${C=XY}
# *** State or province: : ${ST=unknown}
# *** Location (city): : ${L=unknown}
# Organisation: : ${O=SuSE Linux Web Server}
# Organisational unit: : ${U=web server}
# Email address: : ${e=webmaster@$CN}
gensslcert ${FNAME:+-C "$FNAME"} -c "$C" -s "$ST" -l "$L" -o "$O" -u "$U" -n "$CN" -e "$e" #### file 'mk-ssl-cert' - END #### ##################################
# save above file as mk-ssl-cert, and chmod +x mk-ssl-cert mk-ssl-cert
SuSEconfig --module apache2 rcapache2 start
http & https works. Of course the browser complaines about my certificates, but after clicking a few buttons the site is served in https mode.
Key is: a pristine /etc/apache2 directory a pristine /etc/sysconfig/apache2 file
Cheers,
Leen
Now it works. Give that man a big cool beer! Thanks for all the effort. Cheers, Steve.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Hello I have suse9.1 and I'm thinking of securing it. I will have on the site e-commerce with passwords and credit cards. Is there any step by step how to??? Which certificate is better the some that you buy or the one that generate on the server?? Thanks Helder Lopes
Well, the difference between the ones you buy and the self signed
certificates is that the purchased certs are (supposedly) certified by
a Certificate Authority.
A Certificate Authority, ie. Verisign, assures the user you are who
you say you are. A self signed cert is just that, you're the one
doing the assuring.
There is a public CA that went to USENIX Boston to sign people up and
is supposedly pretty popular. See /. for the article.
On Fri, 2 Jul 2004 16:31:54 +0100, Helder Lopes
I will have on the site e-commerce with passwords and credit cards.
Is there any step by step how to???
Which certificate is better the some that you buy or the one that generate on the server??
Thanks Helder Lopes
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Friday 02 July 2004 16:31, Helder Lopes wrote:
Hello I have suse9.1 and I'm thinking of securing it.
I will have on the site e-commerce with passwords and credit cards.
Is there any step by step how to???
Which certificate is better the some that you buy or the one that generate on the server??
Thanks Helder Lopes
Do you have it working under 9.1 with *any* certificate? We currently have a thread open on just this subject called https Steve.
No I don't the only thing I have is Apache2 working ..
----- Original Message -----
From: "steve-ss"
On Friday 02 July 2004 16:31, Helder Lopes wrote:
Hello I have suse9.1 and I'm thinking of securing it.
I will have on the site e-commerce with passwords and credit cards.
Is there any step by step how to???
Which certificate is better the some that you buy or the one that generate on the server??
Thanks Helder Lopes
Do you have it working under 9.1 with *any* certificate? We currently have a thread open on just this subject called https
Steve.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
I just created one using gensslcert.
I know that it is created, in /srv/www/htdocs there is a file called CA.rst
what should I do next???
Thanks
----- Original Message -----
From: "steve-ss"
On Friday 02 July 2004 16:31, Helder Lopes wrote:
Hello I have suse9.1 and I'm thinking of securing it.
I will have on the site e-commerce with passwords and credit cards.
Is there any step by step how to???
Which certificate is better the some that you buy or the one that generate on the server??
Thanks Helder Lopes
Do you have it working under 9.1 with *any* certificate? We currently have a thread open on just this subject called https
Steve.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Monday 05 July 2004 11:06, Helder Lopes wrote:
I just created one using gensslcert.
I know that it is created, in /srv/www/htdocs there is a file called CA.rst
what should I do next???
Read this file: /usr/share/doc/packages/apache2/README.QUICKSTART.SSL
And perhaps read this message:
Re: [SLE] https - :D
From: Leendert Meyer
måndag 05 juli 2004 11:18 skrev Leendert Meyer:
On Monday 05 July 2004 11:06, Helder Lopes wrote:
I just created one using gensslcert.
I know that it is created, in /srv/www/htdocs there is a file called CA.rst
what should I do next???
Read this file: /usr/share/doc/packages/apache2/README.QUICKSTART.SSL
On of the issues, with the quickstart, is that unless you can "omit" the passphrase, you will have to be around and type it in by hand every time you start the server.
participants (7)
-
g.lams@itcilo.org -
Helder Lopes -
Leendert Meyer -
mmarseglia -
scsijon -
steve-ss -
Örn Hansen