DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21912>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21912 Apache SSL certificate problem Summary: Apache SSL certificate problem Product: Apache httpd-2.0 Version: 2.0.46 Platform: Sun OS/Version: Solaris Status: NEW Severity: Critical Priority: Other Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Dear, I will required to setup the Apache SSL using Apache 2.0 and OpenSSL running at Sun Solaris 2.8. After I follow the Apache documentation to generate the SSL certificate key, I encounter the problem of my Certificate Signing Request (CSR) is not self-signed. Could you please advise us on this issue? I will using the openssl to generate the private key and CSR with the following steps:- 1) Create a RSA private key: $ openssl genrsa -des3 -out server.key 1024 2) Create a Certificate Signing Request (CSR) with the server RSA private key: $ openssl req -new -key server.key -out server.csr But after i submit this CSR to Thawte (https://www.thawte.com) for signing, it give me the 'Your CSR is not self-signed.' error message. May i know why my CSR is not self signed? After that, I found that Apache documentation also mentioned it can using own CA to sign the CSR. So, i will signed the CSR with the following additional steps :- 1) Create a RSA private key for my own CA: $ openssl genrsa -des3 -out ca.key 1024 2) Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA: $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt 3) Use the sign.sh (see details at attachment) script for signing. $ ./sign.sh server.csr I get the following error message during the execution of the sign.sh script:- # echo # ./sign.sh server.csr CA signing: server.csr -> server.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature did not match the certificate request CA verifying: server.crt <-> CA cert server.crt: unable to load certificate file 1680:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:666:Expecting: CERTIFICATE Thanks in advance. Thanks and Regards Pang Wei Chen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
