[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Using SSL Certs



Philippe,

Thanks allot of for the help! I have a few questions below.

This will do:

gensslcert --help

All Options are shown!

Gensslcert will generate a certificate for 2000 days (this should be long
enough).
I've already generated a cert with openssl. Is gensslcert another way to do it or a way to test Apache?

Go to /etc/httpd (/etc/apache2) and there to
Which directory?? httpd? or apache2?? or both?? I am running SUSE 9.0 which I assume is using apache2.

ssl.crt/
ssl.key/
ssl.csr/

and rename all new certs (<SERVERNAME>server.*) to:
So in this example, if my server was 'homeserver' I would rename all the certs (cert.pem, key.pem & req.pem) as follows respectively: homeserver.crt, homeserver.key, & homeserver.csr and copy them to the corresponding directories? This is the boxes local name? or FQDN that the cert specifies?

/etc/httpd/ssl.crt/server.crt
/etc/httpd/ssl.key/server.key
/etc/httpd/ssl.csr/server.csr

Edit /etc/httpd/httpd.conf:

<VirtualHost _default_:443>

#  General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
ServerName <SERVER-FULL-NAME>
ServerAdmin www@<SERVER-FULL-NAME>
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

Edit /etc/sysconfig/apache (apache2)
Again, which one? apache or apache2??

HTTPD_START_TIMEOUT="5"
HTTPD_SEC_MOD_SSL="yes"

Apache2:

APACHE_SERVER_FLAGS="-D SSL"
APACHE_MODULES=" [...] ssl"

Next do a
I should know from your above answers, but this would depend upon which version of apache correct???


Thanka allot!!!

Eric

SuSEconfig --module apache (or apache2)

rcapache restart

Check if the server comes up.

Philippe




--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here