| Author |
Message |
forsythi
Joined: 27 Apr 2005
Posts: 8
|
 Posted:
Wed Apr 27, 2005 7:58 pm |
  |
Can anyboby help me with setting up ssl, i keep getting the message
the name of the security certificate does not match the name of the site when accessed via web browser but i am not sure why this is happening and which stage i am getting wronge, if you veiw the certificate info is says issued to localhost issued by localhost. |
|
|
  |
|
Joshua Meadows (DemoRic)
support
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted:
Wed Apr 27, 2005 8:12 pm |
|
|
  |
|
forsythi
Joined: 27 Apr 2005
Posts: 8
|
| Posted:
Wed Apr 27, 2005 8:34 pm |
|
|
|
|
Joshua Meadows (DemoRic)
support
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted:
Thu Apr 28, 2005 2:28 pm |
|
Sorry had some down time. (I was adding a VNC/stunnel combo, and had taken my server down until it was configured) The links should work now. |
|
|
|
|
forsythi
Joined: 27 Apr 2005
Posts: 8
|
| Posted:
Thu Apr 28, 2005 4:50 pm |
|
Can get to your website but when i click on the link to the file it just says total of 2 files in zipfile ands thats all. |
|
|
|
|
Joshua Meadows (DemoRic)
support
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted:
Thu Apr 28, 2005 5:46 pm |
|
I'd installed a module that makes zip files browse-able. I hadn't thought about how it would effect downloads. I'll have to change that later, but for now you can get the batchfile at http://jaydium.servehttp.com/e107_files/downloads/DownNDirtyEnableApache2SSL.zip/
or you can just paste the following into notepad and save it as Apache2SSL.bat :
| Code: | @ECHO OFF
echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
ECHO º Down 'N Dirty Self Signed SSL for Apache2Triad º
Echo º Version 0.0.1a By Demoric º
Echo º Use At Your Own Risk! º
echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
if exist "C:\apache2triad\opssl\bin" goto Default
:Default
cd C:\apache2triad\opssl\bin
goto KEYS
if exist %1 goto CUSTOM
Echo To install you must specify the path to opssl\bin
echo.
Echo For example: Apache2SSL C:\apache2triad\opssl\bin
pause
GOTO EXIT
:CUSTOM
CD %1
goto KEYS
:KEYS
goto NoPassword
:NoPassword
ECHO This makes a private key named privkey.pem with the rsa algorithm and that is 2048 bits big
openssl genrsa -out privkey.pem 2048
goto Cert
:Password
ECHO This makes a password protected private key
openssl genrsa -des3 -out privkey.pem 2048
goto Cert
:cert
goto SelfSign
:SelfSign
ECHO This makes a self-signed certificate named certificate.crt for your private key that is valid for 1095 days
openssl req -new -x509 -key privkey.pem -out certificate.crt -days 1095 -config openssl.cnf
Goto CopyFiles
:SubmitSign
ECHO This make a certificate request for submiting to a signing authority for validation
openssl req -new -key privkey.pem -out certificate.crt
Goto CopyFiles
:CopyFiles
cd..
ECHO ---------------------------------------------
ECHO Manipulating Certificate Files
ECHO ---------------------------------------------
@ Echo Off
del .\cert\certificate.crt.bak
del .\cert\privkey.pem.bak
rename .\cert\certificate.crt .\cert\certificate.crt.bak
rename .\cert\privkey.pem .\cert\privkey.pem.bak
copy .\bin\certificate.crt .\cert\certificate.crt
copy .\bin\privkey.pem .\cert\privkey.pem
ECHO ---------------------------------------------
ECHO Now all you have to do is stop Apache2Triad Apache2 Service
Echo and start (or restart) Apache2Triad Apache2 Service with SSL
echo you can use service manger to do this
%windir%\system32\services.msc
pause
pause
GOTO EXIT
:EXIT
pause
cls
exit |
|
|
|
|
|
forsythi
Joined: 27 Apr 2005
Posts: 8
|
| Posted:
Thu Apr 28, 2005 6:52 pm |
|
Thanks for the file Demoric, i have run the batch file but i still get the security alert box pop up when using a browser and i now have 3 yellow triangles:-
1. The securtiy certificate was issued by a company you have not chosen to trust.
2. The security certificate has expired or is not yet valid
3. The name on the security certificate does not match the name of the site.
Do i need to do something else??
Thanks |
|
|
|
|
Joshua Meadows (DemoRic)
support
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted:
Thu Apr 28, 2005 7:36 pm |
|
| Quote: | | The securtiy certificate was issued by a company you have not chosen to trust |
This what browsers will do with self signed server certificates. You can pay and be verified by official certificate places like verisign.
| Quote: | | The security certificate has expired or is not yet valid |
I haven't seen this reaction from using this script before. Check the dates in the certificate \apache2triad\openssl\bin\certificate.crt
| Quote: | | The name on the security certificate does not match the name of the site. |
When you're entering the information for the certificate you need to put in yoursite.com You're prompted for the following information.
1. Country Name
Enter the two-letter code for the country in which your Stronghold server resides.
2. State Name
Enter the full name of the state or province in which the server resides.
3. Locality Name
Enter the name of the city, town, or county in which the server resides.
4. Organization Name
Your organization name is required information.
5. Organization Unit Name
This information is optional. To skip this field, enter a period (.).
6. Common Name
This is typically the hostname of your server, such as www.random.com.
7. Webmaster email address |
|
|
|
|
forsythi
Joined: 27 Apr 2005
Posts: 8
|
| Posted:
Wed May 04, 2005 3:29 pm |
|
Hi Demoric
Thanks for your help so far, still haveing no joy with this, i have downloaded a trial certificate from verisign but it still insists on looking at the old certificate, if i remove all the certs and the priv key, renew the priv key and paste the verisign cert back apache2triad ssl will not start, i have checked the path to the cert /openssl/cert is correct, im stumped.
Am i right in thinking that all i need in the cert folder is the private key and the cert?
Thanks in advance. |
|
|
|
|
Joshua Meadows (DemoRic)
support
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted:
Wed May 04, 2005 8:53 pm |
|
| Quote: | | Am i right in thinking that all i need in the cert folder is the private key and the cert? |
The private key, and the certificate should be in your cert folder yes. |
|
|
|
|
|
|
