Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 SSL Need some help!!!
Google
Post new topic Reply to topic
Author Message
ericwu001
 
 


Joined: 10 Jun 2004
Posts: 9

PostPosted: Thu Dec 15, 2005 10:27 pm Reply with quoteBack to top

I turned on SSL and it worked. But everytime I get to ssl pages, it gives me a security alert and says "the name on the security certificate is invalid or does not match the name of the site" ... then I followed the thread to create my own certificate. After that, the old certificate keeps coming back.... I can not see my own certificate and security alert remains the same. What am I missing ? Please help.
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Thu Dec 15, 2005 10:55 pm Reply with quoteBack to top

you haven't replaced the old certificate with your new one. Try using the instructions again, or try the batch script.
View user's profileSend private messageYahoo MessengerICQ Number
ericwu001
 
 


Joined: 10 Jun 2004
Posts: 9

PostPosted: Thu Dec 15, 2005 11:19 pm Reply with quoteBack to top

Something bad happened. I used batch to create my own certificate and it shut the apache SSL server down ... I could not bring SSL back on ... When I created my own certificate before, I renamed the old one ( from cretificate to certificate1 ) and I renamed it back to the old name after SSL server got shut down ... I was able to bring SSL back but this time I did not have old certificate anymore.... Help.... I can't turn SSL server on.
*************************************************************
I managed to change file names of two back-up files ( one is privkey.pem and the other is certificate.crt ) to their original names ( remove bak...) and SSL server is working now.. What happened to my own certificate ?
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Fri Dec 16, 2005 12:55 am Reply with quoteBack to top

that depends on how many times you used the batch script.

When you run the script it delete previous backups
Code:
del .\cert\certificate.crt.bak
del .\cert\privkey.pem.bak


and then creates backups of your existing files
Code:
copy .\cert\certificate.crt .\cert\certificate.crt.bak
copy .\cert\privkey.pem .\cert\privkey.pem.bak


after that it creates new files. Default will change A2T's default ssl certificate.

If you use Custom then you have to manually configure your ssl.conf.
View user's profileSend private messageYahoo MessengerICQ Number
ericwu001
 
 


Joined: 10 Jun 2004
Posts: 9

PostPosted: Fri Dec 16, 2005 1:03 am Reply with quoteBack to top

I ran the batch program only once... then it shut the SSL server down... Any other place I should look for ?

Demoric wrote:
that depends on how many times you used the batch script.

When you run the script it delete previous backups
Code:
del .\cert\certificate.crt.bak
del .\cert\privkey.pem.bak


and then creates backups of your existing files
Code:
copy .\cert\certificate.crt .\cert\certificate.crt.bak
copy .\cert\privkey.pem .\cert\privkey.pem.bak


after that it creates new files. Default will change A2T's default ssl certificate.

If you use Custom then you have to manually configure your ssl.conf.
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Fri Dec 16, 2005 1:56 am Reply with quoteBack to top

the only other way it would be deleted is by something you may have done. Check your Recycle Bin maybe?

Why don't you just generate a new certificate?
View user's profileSend private messageYahoo MessengerICQ Number
ericwu001
 
 


Joined: 10 Jun 2004
Posts: 9

PostPosted: Fri Dec 16, 2005 2:13 am Reply with quoteBack to top

I love to generate a new self-signed certificate and take care of this once for all. I downloaded your batch program which is very neat and ran thru every step.... I am pretty certain new certificate would be generated and over-write the old ones as well as privkey....As soon as the new ones over-written the old ones, I can see apache2triadmonitor on the bottom right hand corner turns RED.... SSL server gets shut down again... I am using window based platform, does it matter ?

Demoric wrote:
the only other way it would be deleted is by something you may have done. Check your Recycle Bin maybe?

Why don't you just generate a new certificate?
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Fri Dec 16, 2005 2:33 am Reply with quoteBack to top

Try, stopping apache2ssl run the script, and then start apache2ssl, (and it is for windows.)
View user's profileSend private messageYahoo MessengerICQ Number
ericwu001
 
 


Joined: 10 Jun 2004
Posts: 9

PostPosted: Fri Dec 16, 2005 11:28 pm Reply with quoteBack to top

I am using Apache2triad for window and SSL works with the certificate that came with it. ( created by Mancini@users.sourceforge.net ) but not with the one I created. Why ? Even I re-created a fresh one ( I stoped server first then created ), it still did not work. What did I miss ?
I just found the problem .... when I creat my own certificate, the first question is whether I would like to set a security phrase ( password ) to protect my privkey.pem ..... I have to say "NO" to make my own certificate work....
After I create my own certificate, security alert still says .. the name does not match ... why ? Can you help ? **** PLEASE DISREGARD THIS QUESTION***** Just in case somebody would like to know the cure.....
Change common name ( in the process of getting certificate ) to the name of the website... then it will be ok.
Demoric wrote:
Try, stopping apache2ssl run the script, and then start apache2ssl, (and it is for windows.)
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Sat Dec 17, 2005 12:34 am Reply with quoteBack to top

The info you enter is as follows:
Quote:
0. State Name

Enter the full name of the state or province in which the server resides.
1. Locality Name

Enter the name of the city, town, or county in which the server resides.
2. Organization Name

Your organization name is required information.
3. Organization Unit Name

This information is optional. To skip this field, enter a period (.).
4. Common Name

This is typically the hostname of your server, such as www.random.com.

The program prints your certificate signing request. Verify the information it contains before you proceed.
5. Webmaster email address

6. Webmaster phone number

7. Certificate Authority

Enter the email address of the CA to which you want to send the request if it differs from the default.


E.G. Common name is yoursite.com
View user's profileSend private messageYahoo MessengerICQ Number
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT