Self-Signed Certificate - Windows Vista

I think what you're trying to do is create your own CA, import a certificate from it into your Vista system, then create a server cert and sign it with the CA. At least I think that is what you're trying to do. But it looks like a mixture of commands to do this and to just make a self-signed cert, all mixed together.

What you need to do is start out with a basic self-signed cert, as such:

cd /usr/local/etc/apache/ssl.csr
openssl req -new > server.csr
PEM phrase "eatme"
cd /usr/local/etc/apache/ssl.key
openssl rsa -in ../ssl.csr/privkey.pem -out server.key
cd /usr/local/etc/apache/ssl.crt
openssl x509 -in ../ssl.csr/server.csr -out server.crt -req -signkey ../ssl.key/server.key -days 1095
vi /usr/local/etc/apache/httpd.conf

#   Enable/Disable SSL for this virtual host.
SSLEngine on
 
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.  
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under      
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
#SSLCertificateFile /usr/local/etc/apache/ssl.crt/server-dsa.crt     

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure      
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
#SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server-dsa.key   

Not as fancy as what you were trying to do but see if this works
out first.

Ted
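
The self-signed steps above, collapsed into a non-interactive script that also checks that the key and certificate pair up and that the result is self-signed. This is an added example, not part of the original message; the function names, the example.test subject, the 2048-bit key and -sha256 are assumptions chosen here, and it writes to a scratch directory instead of /usr/local/etc/apache.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and example.test are assumptions.

# Create key + CSR, then self-sign the CSR with its own key.
make_selfsigned() {
    dir=$1; cn=$2
    # -nodes writes the key without a pass phrase, which replaces the
    # separate "openssl rsa" step used to strip it.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    chmod 600 "$dir/server.key"   # unencrypted key: owner-only access
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -sha256 -days 1095 -out "$dir/server.crt" 2>/dev/null
}

# The key and certificate pair up when they carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Self-signed: subject equals issuer and the signature verifies under its own key.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True if the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

tmp=$(mktemp -d)   # scratch directory
make_selfsigned "$tmp" example.test &&
    key_matches_cert "$tmp/server.key" "$tmp/server.crt" &&
    is_self_signed "$tmp/server.crt" &&
    valid_for_days "$tmp/server.crt" 1094 &&
    echo "ok: $tmp/server.crt"
```

SSLCertificateFile and SSLCertificateKeyFile in the httpd.conf excerpt above would then point at the resulting server.crt and server.key.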

  ----- Original Message ----- 
  From: Mike Koponick 
  To: openssl-users@openssl.org 
  Sent: Monday, March 19, 2007 9:21 AM
  Subject: RE: Self-Signed Certificate - Windows Vista


  Here are the steps I used to create the cert: I removed some information to protect the innocent.



  Thanks!



  Mike



  openssl genrsa -des3 -out portal-server.key 1024



  openssl req -new -key portal-server.key -out portal-server.csr



  Using configuration from /usr/share/ssl/openssl.cnf

  Enter PEM pass phrase: <Enter-Password>

  You are about to be asked to enter information that will be incorporated

  into your certificate request.

  What you are about to enter is what is called a Distinguished Name or a DN.

  There are quite a few fields but you can leave some blank

  For some fields there will be a default value,

  If you enter '.', the field will be left blank.

  -----

  Country Name (2 letter code) [GB]:US

  State or Province Name (full name) [Berkshire]:Oregon

  Locality Name (eg, city) [Newbury]:

  Organization Name (eg, company) [My Company Ltd]:xxxxxxxxxxxxxxxxxxxxxxxxx

  Organizational Unit Name (eg, section) []:

  Common Name (eg, your name or your server's hostname) []:xxxxxxxl.xxxxxxxx.xx

  Email Address []:xxxxxxxxxxxxxxxxxxx

  Please enter the following 'extra' attributes

  to be sent with your certificate request

  A challenge password []:

  An optional company name []:





  This completes the server side of the certificate. Ensure that the /usr/local/apache2/conf/ssl.conf has the correct information for the certificates.



  This section covers creating a certificate so you can access the Portal. This process is automated on the Portal, however since you created a new certificate (server side) you cannot access the Portal.



  openssl x509 -req -in portal-server.csr -out portal-server.crt -sha1 -CA mikek-ca.crt -CAkey mikek-ca.key -CAcreateserial -days 3650





  openssl genrsa -des3 -out mikek-c.key 1024



  Generating RSA private key, 1024 bit long modulus

  ..++++++

  ........................................................................++++++

  e is 65537 (0x10001)

  Enter PEM pass phrase: <Enter-Password>

  Verifying password - Enter PEM pass phrase: <Enter-Password>





  openssl req -new -key mikek-c.key -out mikek-c.csr



  Using configuration from /usr/share/ssl/openssl.cnf



  Enter PEM pass phrase: <Enter-Password>

  You are about to be asked to enter information that will be incorporated

  into your certificate request.

  What you are about to enter is what is called a Distinguished Name or a DN.

  There are quite a few fields but you can leave some blank

  For some fields there will be a default value,

  If you enter '.', the field will be left blank.

  -----

  Country Name (2 letter code) [GB]:US

  State or Province Name (full name) [Berkshire]:Bend

  Locality Name (eg, city) [Newbury]:

  Organization Name (eg, company) [My Company Ltd]:xxxxxxxxxxxxxxxxxxxxxx

  Organizational Unit Name (eg, section) []:Sales

  Common Name (eg, your name or your server's hostname) []:Mike Koponick 

  Email Address []:[EMAIL PROTECTED]



  Please enter the following 'extra' attributes

  to be sent with your certificate request

  A challenge password []:

  An optional company name []:





  openssl x509 -req -in mikek-c.csr -out mikek-c.crt -sha1 -CA mikek-ca.crt -CAkey mikek-ca.key -CAcreateserial -days 3650



  openssl pkcs12 -export -in van-c.crt -inkey mikek-c.key -name "Mike Koponick" -out mikek-c.p12



  openssl pkcs12 -in mikek-c.p12 -clcerts -nokeys -info





  Thanks!



  Mike



  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ted Mittelstaedt
  Sent: Monday, March 19, 2007 12:02 AM
  To: openssl-users@openssl.org
  Subject: Re: Self-Signed Certificate - Windows Vista



  please post the steps you did to create the self-signed cert



  Ted

    ----- Original Message ----- 

    From: Mike Koponick 

    To: openssl-users@openssl.org 

    Sent: Thursday, March 15, 2007 1:09 PM

    Subject: Self-Signed Certificate - Windows Vista



    Hello,

    I've searched the archives and Google, but have turned up empty handed.

    I currently run a web server that has a self-signed certificate generated by OpenSSL (Running Apache, Linux, etc). When I try to connect to the web server via the Vista machine, all I get is a blank page. I searched for errors in the logs and haven't found anything that points me in the right direction.

    Has anyone else seen this issue?

    Thanks in advance,

    Mike
