[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Using SSL Certs



> I followed the directions from
> http://www.eclectica.ca/howto/ssl-cert-howto.php to create and use SSL
> certificates.  I was able to successfully create the certificates for
> testing but cannot get an ssl connection via my browser to the site.  I
> added the site certificate and private key paths to the httpd.conf like
> below from the 'how to':
>     SSLCertificateFile /home/httpd/ssl/cert.pem
>     SSLCertificateKeyFile /home/httpd/ssl/key.pem
>
> This is my first attempt at using SSL with Apache so is there something
> I am missing? The how to simply says to put these entries in the
> httpd.conf and restart Apache.  mod_ssl is also installed.
>
> Any ideas would be appreciated.
>
> Thanks,

This will do:

gensslcert --help

All Options are shown!

Gensslcert will generate a certificate for 2000 days (this should be long
enough).

Go to /etc/httpd (/etc/apache2) and there to

ssl.crt/
ssl.key/
ssl.csr/

and rename all new certs (<SERVERNAME>server.*) to:

/etc/httpd/ssl.crt/server.crt
/etc/httpd/ssl.key/server.key
/etc/httpd/ssl.csr/server.csr

Edit /etc/httpd/httpd.conf:

<VirtualHost _default_:443>

#  General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
ServerName <SERVER-FULL-NAME>
ServerAdmin www@<SERVER-FULL-NAME>
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

Edit /etc/sysconfig/apache (apache2)

HTTPD_START_TIMEOUT="5"
HTTPD_SEC_MOD_SSL="yes"

Apache2:

APACHE_SERVER_FLAGS="-D SSL"
APACHE_MODULES=" [...] ssl"

Next do a

SuSEconfig --module apache (or apache2)

rcapache restart

Check if the server comes up.

Philippe


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here