Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 Help setting up SSL
Google
Post new topic Reply to topic
Author Message
forsythi
 
 


Joined: 27 Apr 2005
Posts: 8

PostPosted: Wed Apr 27, 2005 7:58 pm Reply with quoteBack to top

Can anyboby help me with setting up ssl, i keep getting the message
the name of the security certificate does not match the name of the site when accessed via web browser but i am not sure why this is happening and which stage i am getting wronge, if you veiw the certificate info is says issued to localhost issued by localhost.
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Wed Apr 27, 2005 8:12 pm Reply with quoteBack to top

You need to generate a new certificate for your website. Where the host is WhateverYourSiteIs.com instead of localhost. I've made a little batch file to make a new cert. at http://jaydium.servehttp.com/download.php?view.11 you can also do this from A2T's folder in the start menu.

If you want some info on sslcert: http://jaydium.servehttp.com/forum_viewtopic.php?13.18

Also, there's a howto running around on these forums http://apache2triad.net/forums/viewtopic.php?t=40
View user's profileSend private messageYahoo MessengerICQ Number
forsythi
 
 


Joined: 27 Apr 2005
Posts: 8

PostPosted: Wed Apr 27, 2005 8:34 pm Reply with quoteBack to top

thanks for the reply Demoric, unfortunatly the links are not going anywhere, i have tried the link http://apache2triad.net/forums/viewtopic.php?t=40 but still can get this working.
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Thu Apr 28, 2005 2:28 pm Reply with quoteBack to top

Sorry had some down time. (I was adding a VNC/stunnel combo, and had taken my server down until it was configured) The links should work now.
View user's profileSend private messageYahoo MessengerICQ Number
forsythi
 
 


Joined: 27 Apr 2005
Posts: 8

PostPosted: Thu Apr 28, 2005 4:50 pm Reply with quoteBack to top

Can get to your website but when i click on the link to the file it just says total of 2 files in zipfile ands thats all.
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Thu Apr 28, 2005 5:46 pm Reply with quoteBack to top

I'd installed a module that makes zip files browse-able. I hadn't thought about how it would effect downloads. I'll have to change that later, but for now you can get the batchfile at http://jaydium.servehttp.com/e107_files/downloads/DownNDirtyEnableApache2SSL.zip/

or you can just paste the following into notepad and save it as Apache2SSL.bat :

Code:
@ECHO OFF
echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
ECHO º Down 'N Dirty Self Signed SSL for Apache2Triad º
Echo º Version 0.0.1a By Demoric                      º
Echo º Use At Your Own Risk!                          º
echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
if exist "C:\apache2triad\opssl\bin" goto Default
:Default
cd C:\apache2triad\opssl\bin
goto KEYS

if exist %1 goto CUSTOM
Echo To install you must specify the path to opssl\bin
echo.
Echo For example: Apache2SSL C:\apache2triad\opssl\bin
pause
GOTO EXIT

:CUSTOM
CD %1
goto KEYS

:KEYS
goto NoPassword

:NoPassword
ECHO This makes a private key named privkey.pem with the rsa algorithm and that is 2048 bits big
openssl genrsa -out privkey.pem 2048
goto Cert

:Password
ECHO This makes a password protected private key
openssl genrsa -des3 -out privkey.pem 2048
goto Cert

:cert
goto SelfSign

:SelfSign
ECHO This makes a self-signed certificate named certificate.crt for your private key that is valid for 1095 days
openssl req -new -x509 -key privkey.pem -out certificate.crt -days 1095 -config openssl.cnf
Goto CopyFiles

:SubmitSign
ECHO This make a certificate request for submiting to a signing authority for validation
openssl req -new -key privkey.pem -out certificate.crt
Goto CopyFiles

:CopyFiles


cd..
ECHO ---------------------------------------------
ECHO Manipulating Certificate Files
ECHO ---------------------------------------------
@ Echo Off
del .\cert\certificate.crt.bak
del .\cert\privkey.pem.bak
rename .\cert\certificate.crt .\cert\certificate.crt.bak
rename .\cert\privkey.pem .\cert\privkey.pem.bak
copy .\bin\certificate.crt .\cert\certificate.crt
copy .\bin\privkey.pem .\cert\privkey.pem
ECHO ---------------------------------------------
ECHO Now all you have to do is stop Apache2Triad Apache2 Service
Echo and start (or restart) Apache2Triad Apache2 Service with SSL
echo you can use service manger to do this
%windir%\system32\services.msc
pause
pause
GOTO EXIT


:EXIT
pause
cls
exit
View user's profileSend private messageYahoo MessengerICQ Number
forsythi
 
 


Joined: 27 Apr 2005
Posts: 8

PostPosted: Thu Apr 28, 2005 6:52 pm Reply with quoteBack to top

Thanks for the file Demoric, i have run the batch file but i still get the security alert box pop up when using a browser and i now have 3 yellow triangles:-

1. The securtiy certificate was issued by a company you have not chosen to trust.

2. The security certificate has expired or is not yet valid

3. The name on the security certificate does not match the name of the site.

Do i need to do something else??

Thanks
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Thu Apr 28, 2005 7:36 pm Reply with quoteBack to top

Quote:
The securtiy certificate was issued by a company you have not chosen to trust

This what browsers will do with self signed server certificates. You can pay and be verified by official certificate places like verisign.

Quote:
The security certificate has expired or is not yet valid

I haven't seen this reaction from using this script before. Check the dates in the certificate \apache2triad\openssl\bin\certificate.crt

Quote:
The name on the security certificate does not match the name of the site.

When you're entering the information for the certificate you need to put in yoursite.com You're prompted for the following information.

1. Country Name
Enter the two-letter code for the country in which your Stronghold server resides.

2. State Name
Enter the full name of the state or province in which the server resides.

3. Locality Name
Enter the name of the city, town, or county in which the server resides.

4. Organization Name
Your organization name is required information.

5. Organization Unit Name
This information is optional. To skip this field, enter a period (.).

6. Common Name
This is typically the hostname of your server, such as www.random.com.

7. Webmaster email address
View user's profileSend private messageYahoo MessengerICQ Number
forsythi
 
 


Joined: 27 Apr 2005
Posts: 8

PostPosted: Wed May 04, 2005 3:29 pm Reply with quoteBack to top

Hi Demoric

Thanks for your help so far, still haveing no joy with this, i have downloaded a trial certificate from verisign but it still insists on looking at the old certificate, if i remove all the certs and the priv key, renew the priv key and paste the verisign cert back apache2triad ssl will not start, i have checked the path to the cert /openssl/cert is correct, im stumped.

Am i right in thinking that all i need in the cert folder is the private key and the cert?

Thanks in advance.
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Wed May 04, 2005 8:53 pm Reply with quoteBack to top

Quote:
Am i right in thinking that all i need in the cert folder is the private key and the cert?


The private key, and the certificate should be in your cert folder yes.
View user's profileSend private messageYahoo MessengerICQ Number
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT