MLUG: Re: [MLUG] server site certificates (was "network cables?")

Rob,
	The certificate that comes with RedHat "server.crt" names
localhost.localdomain as the site. What you need to do is buy a 
certificate (crt) or generate a Snakeoil signed crt. Snakeoil is
a bogus Certificate Authority (CA) that you can make your own
"test" crt with. The package mod_ssl has some documentation that
will be helpful:
file:///usr/share/doc/mod_ssl-2.7.1/SSL-Certificate-Creation
=================================================================
o   The complete mod_ssl documentation is included in the mod_ssl package and
    browseable under http://localhost/manual/mod/mod_ssl/.

o   To generate a certificate signing request suitable for submission to a
    Certificate Authority, execute the following commands:

        cd /etc/httpd/conf
        make genkey
        make certreq

    ...and then look in the file named "/etc/httpd/conf/ssl.csr/server.csr".

o   To generate a self signed certificate, execute the following commands:

        cd /etc/httpd/conf
        make genkey
        make testcert
===============================================================================
You need to then move the crt to the "apache config"/ssl.crt directory.
Then in httpd.conf the crt is named by default server.crt; you can
either overwrite that file with the new one or change httpd.conf
to reflect the new file name.
I am trying to remember how I have done this as I write, so I might
have left something out. The first option above, "make certreq", generates
what you send to a CA to get your real crt. The second is for the bogus
crt. A bogus crt will get you encryption but you are certifying yourself
as being yourself.
There is one question that the above procedure asks that you must answer
right (with your machine name) or you will continue getting the same message.
From the words used it is not straightforward what is to be answered. The second
or third time through you'll figure it out though.
Anybody please correct me if I'm wrong.... 
			Blake

Rob Judd wrote:
> 
> On Fri, 2 Mar 2001, Mikhail Kovalenko wrote:
> 
> > Here's something on topic: Has anyone messed with site certificates
> > before? They mostly work for me but not quite. In particular, Netscape
> > says:
> 
> > "The certificate that the site has presented does not contain the
> > correct site  name...:
> >    Certificate for:
> >    Signed by:
> >    Encryption: Highest Grade (RC4 with 128-bit secret key)"
> 
> > The certificate was created with RedHat tools that come with apache.
> > How do I get the site name to show up?
> 
> Did you ever figure this out?  I finally got around to reading the
> documentation and I found where you need to put the name of your site.
> Let me know if you still care.
> 
> Cheers, Rob
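
An added example (not part of the original message or of the mod_ssl documentation): the site-name check discussed above, run with the openssl command line against a certificate whose Common Name is localhost.localdomain and then one regenerated with the site name. It assumes the openssl CLI is installed; www.example.org and the temporary directory are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed.
# www.example.org is a constructed stand-in for your machine name.

# make_selfsigned DIR CN: write DIR/server.key and DIR/server.crt
# (self-signed, like "make testcert") with CN as the Common Name.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# cert_cn CRT: print the Common Name from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# name_matches CRT HOST: succeed only if the CN equals HOST, ignoring case.
# CN only; current browsers match against subjectAltName instead.
name_matches() {
    cn=$(cert_cn "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$host" ]
}

# verdict CRT HOST: print "match" or "mismatch".
verdict() {
    if name_matches "$1" "$2"; then echo match; else echo mismatch; fi
}

# demo: the default-style cert fails for the site name, the regenerated one passes.
demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" localhost.localdomain || { rm -rf "$dir"; return 1; }
    before=$(verdict "$dir/server.crt" www.example.org)
    make_selfsigned "$dir" www.example.org || { rm -rf "$dir"; return 1; }
    after=$(verdict "$dir/server.crt" www.example.org)
    rm -rf "$dir"
    echo "$before $after"
}

demo
```

Running `cert_cn` on the installed server.crt before restarting Apache shows whether the regenerated certificate actually picked up the machine name.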