 Tutorial : custom SSL key and certificate creations
Vlad Alexa Mancini
lead developer

Joined: 07 Jul 2003
Posts: 1539

Posted: Fri Jul 18, 2003 7:50 pm

To make a custom certificate you have to perform these 2 steps :

1 - Make a private key :

type in a console :
Code:

openssl genrsa -out privkey.pem 2048


This makes a private key named privkey.pem, using the RSA algorithm, that is 2048 bits long.

or
Code:

openssl genrsa -des3 -out privkey.pem 2048

to make a password protected private key


2 - Make a certificate :

type in a console :
Code:

openssl req -new -x509 -key privkey.pem -out certificate.crt -days 1095 -config c:\apache2\opssl\bin\openssl.cnf

this makes a self-signed certificate named certificate.crt for your private key that is valid for 1095 days

or
Code:

openssl req -new -key privkey.pem -out certificate.crt

to make a certificate request for submitting to a signing authority for validation


Also :

to test certificates :
Code:

openssl asn1parse -in certificate.crt -inform pem

to read certificates :
Code:

openssl crl -noout -text -in <name>.crl
openssl x509 -noout -text -in <name>.crt
openssl req -noout -text -in <name>.csr
openssl rsa -noout -text -in <name>.pem
openssl dsaparam -noout -text -in <name>.prm


Last edited by Vlad Alexa Mancini on Tue Feb 17, 2004 7:18 am; edited 1 time in total

kolatracks
past contributor

Joined: 07 Jul 2003
Posts: 313
Location: UK

Posted: Fri Jul 18, 2003 9:08 pm

Just to make clear, in the console you might first have to type
Code:
cd c:\apache2\opssl\bin

if you're not in that directory already.

Vlad Alexa Mancini
lead developer

Joined: 07 Jul 2003
Posts: 1539

Posted: Fri Jul 18, 2003 9:14 pm

not really
c:\apache2\opssl\bin is in the path like all the other bin folders ;)

kolatracks
past contributor

Joined: 07 Jul 2003
Posts: 313
Location: UK

Posted: Sat Jul 19, 2003 12:02 am

Great. Thanks, I never noticed that before.

I guess it's just another one of those things about apache2triad that makes life easier.
I love apache2triad.

Tekki

Joined: 12 Nov 2003
Posts: 3

Posted: Wed Nov 12, 2003 8:35 am

Hi guys,

I was wondering if I could get some help with making a certificate request ( Signing Authority )

I followed your steps Mancini and made sure that I wasn't missing out on something and this was the error I got:


C:\apache2\opssl\cert>openssl req -new -key privkey.pem -out certificate.crt
Unable to load config info
unable to find 'distinguished_name' in config
problems making Certificate Request
3352:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or envi
ronment variable:.\crypto\conf\conf_lib.c:325:

C:\apache2\opssl\cert>

Any ideas?

Thanx
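
Added example, not part of any post in this thread and not Apache2Triad's own tooling: the "unable to find 'distinguished_name' in config" error above appears when `openssl req` runs without a usable configuration, so this POSIX shell script writes a minimal one, repeats the tutorial's two steps with `-config` passed explicitly, and checks that the CSR and the certificate carry the key's public half. The file names, the `req_dn` section name and the subject values are constructed placeholders; the `openssl` invocations themselves are the same in a Windows console.

```sh
#!/bin/sh
# Added example. File names and subject values are constructed placeholders.
set -eu

# `openssl req` needs a [req] section whose distinguished_name key names the
# section holding the subject fields; without one it stops with
# "unable to find 'distinguished_name' in config".
write_min_config() {    # $1 = config file to create
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn
prompt             = no

[ req_dn ]
CN = www.example.test
O  = Example Org
EOF
}

# Step 1, then both variants of step 2, always passing -config explicitly.
make_key() {            # $1 = key file to create
    openssl genrsa -out "$1" 2048 2>/dev/null
}
make_csr() {            # $1 = key, $2 = config, $3 = CSR to create
    openssl req -new -key "$1" -config "$2" -out "$3"
}
make_self_signed() {    # $1 = key, $2 = config, $3 = certificate to create
    openssl req -new -x509 -key "$1" -config "$2" -days 1095 -out "$3"
}

# Digest of the RSA modulus; equal digests mean the file carries this key's
# public half. $1 = openssl subcommand (rsa, req or x509), $2 = file.
modulus_digest() {
    openssl "$1" -noout -modulus -in "$2" | openssl dgst -sha256
}
key_matches() {         # $1 = key, $2 = req|x509, $3 = CSR or certificate
    [ "$(modulus_digest rsa "$1")" = "$(modulus_digest "$2" "$3")" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
write_min_config "$work/min.cnf"
make_key "$work/privkey.pem"
make_csr "$work/privkey.pem" "$work/min.cnf" "$work/request.csr"
make_self_signed "$work/privkey.pem" "$work/min.cnf" "$work/certificate.crt"
key_matches "$work/privkey.pem" req  "$work/request.csr"     && echo "CSR matches key"
key_matches "$work/privkey.pem" x509 "$work/certificate.crt" && echo "certificate matches key"
```

Setting the `OPENSSL_CONF` environment variable to the configuration file's path is the alternative to passing `-config` on every call.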

kristian

Joined: 16 Mar 2004
Posts: 2

Posted: Tue Mar 16, 2004 11:49 am

LMFAO Tekki, if I knew what I was doing I would help :P

Don't do C:\apache2\opssl\cert, try C:\apache2\opssl. Don't know if it will work, but have a go.

ivari

Joined: 14 Apr 2004
Posts: 2

Posted: Wed Apr 14, 2004 7:02 am

Hello

why I can START my SSL, what must I Do and make my SSL Work

every try to START my SSL always get this error

"THE REQUESTED OPERATION HAS FILED"

what happen with my server??

Thanks Everyone

iceman2g

Joined: 12 Jul 2004
Posts: 1

Posted: Mon Jul 12, 2004 10:16 pm

I've got the same question as ivari.

thopunk

Joined: 01 Jun 2005
Posts: 5

Posted: Sat Jul 30, 2005 7:45 am

I'm getting the same error :(

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Sat Jul 30, 2005 9:28 pm

Thought I'd share my little batch file here that I based off of this thread. It'll set up your SSL for one site using A2T's default SSL settings.

ericwu001

Joined: 10 Jun 2004
Posts: 9

Posted: Fri Dec 16, 2005 10:58 pm

I got the same problem when I tried to re-start SSL server after I created my own certificate. But after I renamed the old certificates back to their old names (remove BAK from the extension) it worked again. Tried to bring the old certificates back and it should work ... the drawback will be ... every time somebody tries to get onto your site, a security alert will pop out ...

thopunk wrote:
I'm getting the same error :(

estore

Joined: 13 Jun 2006
Posts: 4
Location: Belene , Bulgaria

Posted: Fri Jun 16, 2006 2:14 pm

OK, fixed almost all the stuff here, but I can't make my site run with HTTPS/SSL.

When I try to open the https part of the web site I'm getting this
Quote:
The page cannot be displayed



httpd.conf

Quote:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin webmaster@e-storebg.com
DocumentRoot C:/apache2triad/htdocs/e-storebg.com
ServerName www.e-storebg.com
ServerAlias e-storebg.com
DirectoryIndex index.php
ErrorLog C:/apache2triad//logs/www.e-storebg.com-error.log
CustomLog C:/apache2triad//logs/www.e-storebg.com-access.log combined
</VirtualHost>

<VirtualHost *:443>
ServerAdmin webmaster@e-storebg.com
DocumentRoot C:/apache2triad/htdocs/e-storebg.com
ServerName e-storebg.com
DirectoryIndex index.php
ErrorLog C:/apache2triad//logs/www.e-storebg.com-error.log
CustomLog C:/apache2triad//logs/www.e-storebg.com-access.log combined
</VirtualHost>


ssl.conf

Quote:
<VirtualHost *:443>

# General setup for the virtual host
DocumentRoot "C:/apache2triad/htdocs/e-storebg.com"
ServerName e-storebg.com:443
ServerAdmin admin@e-storebg.com
ErrorLog logs/ssl_error.log
TransferLog logs/ssl_access.log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/apache2triad/OpSSL/cert/e-storebg.com.crt"
SSLCertificateKeyFile "C:/apache2triad/OpSSL/cert/e-storebg.com.pem"


Quote:
C:\apache2triad\opssl\cert>openssl asn1parse -in e-storebg.com.crt -i
149:d=5 hl=2 l= 3 prim: OBJECT :commonName
154:d=5 hl=2 l= 13 prim: PRINTABLESTRING :e-storebg.com


Here I printed the most important part of this check.

Now can anyone tell me what I missed and where the problem is? I can't see anything.

I also tried changing <VirtualHost *:443> to <VirtualHost e-storebg.com:443>, then, with or without this, deleting the SSL virtual host part from httpd.conf, I mean deleting the section e-storebg.com :443 (<VirtualHost *:443>).
I've tried everything and got nothing; in the log files I got nothing, absolutely nothing actual.
And I'm desperate :(

Version: Apache/2.0.55 (Win32) PHP/4.4.2 mod_ssl/2.0.55 OpenSSL/0.9.8a

Thanks to all
Radoslav