Re: The same old self-signed CA problem!

Sat, 25 Aug 2001 17:33:38 -0700 



George Walsh wrote:
> 
> This has been one long battle, made messy later on by my having to work backward 
>from 0.6.6b to 0.9.6 in order to get a compile under UnixWare7.1.1
> 
> I have followed the advice Alex Pircher has kindly provided. Basically, that meant 
>following through the creation of the RSA provate key for the server and the creation 
>of the CSR with the server's private key as laid out in the mod_ssl faq pages, step 
>by step.
> 
> But when I get to needing sign.sh to sign the certificate I lose it. I cannot relate 
>what is in that script to anything I have done. Nor, it seems, can it.
> 
> The server.key and the server.csr are in the apache/conf directory.
> 
> Why did I go this way instead of 'make certificate' in the apache tree? Because it 
>complains about the 2 certificates having the same date. Perhaps there is a way 
>around that one somebody has been through before?
> 
> Otherwise, I am going to throw in the towel and simply use rewrite to get around 
>hpps calls. This is, after all, a development server, not the actual web server. But 
>it is annoying when I cannot get my application programs in and out of the secure 
>portion of the site.
> 
> Any pointers would be of great help. I guess I am living proof that applications 
>people make poor system mechanics.
> 
> And thanks, Alex ... way across the seas (and a continent) in Germany!
> 

Well sign.sh and 'make certificate' aren't part of OpenSSL...

However there are several well documented ways to create self signed CAs
and server certificates using OpenSSL. The CA.pl script (see manual
page) is one example. You can also create a private key and self signed
certificate with a single command:

openssl req -new -x509 -out cert.pem -keyout key.pem

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to