Hello! I want to set up an Apache-SSL server on a SparcStation/20 with two processors and Debian/Slink installed. Firstly, I compiled the sources (openssl 0.9.3a and ApacheSSL 1.3.6/1.35) and set up the server. It failed with an I/O error (during security authentication), although it works on my Debian/x86 system at home (with apache-ssl 1.3.6-9). In both cases I have created a CA certificate and then a server certificate with it. The CA certificate can be loaded into the browser, but then the I/O error occured.
So I have built openssl-0.9.2b-1 with $ dpkg-source -x openssl...dsc # debian/rules binary I wonder why L_ENDIAN is defined for the debian-sparc configuration, SPARC is big endian as far as I know. Could this be documented? Has anyone had success with setting up a secure web server on the Debian-sparc architecture? I have done the following to create the certificates: openssl.cnf: ------------ [...] [ CA_default ] dir = /etc/ssl # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/private/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert [...] # This is OK for an SSL server. nsCertType = server CA certificate: --------------- mkdir $ssldir/newcerts mkdir $ssldir/crl echo "01" >$ssldir/serial touch $ssldir/index.txt openssl req -new -x509 -keyout /etc/ssl/private/cakey.pem \ -out /etc/ssl/private/cacert.pem -config /etc/ssl/openssl.cnf server certificate: ------------------- 1. create request: openssl req -new -keyout /etc/apache-ssl/newkey.pem \ -out /etc/apche-ssl/newreq.pem -days 360 -config /etc/ssl/openssl.cnf cd /etc/apache-ssl cat newreq.pem newkey.pem > new.pem 2. sign request with CA (enter CA password if you have one) openssl ca -out newcert.pem -config /etc/ssl/openssl.cnf -infile new.pem cp newcert.pem $ssldir/certs/sitecert.pem cp newkey.pem $ssldir/certs/sitekey.pem cd $ssldir/certs ln -s sitecert.pem `$ssldir/bin/openssl x509 -noout -hash < sitecert.pem`.0 for every start of the web server you have to enter the server cert pass phrase (during booting, the apache-ssl start script waits for the secret...) ================================================================== Thanks for your help! -- André Heynatz http://www.informatik.uni-bremen.de/~tron/ Support non-Wintel (http://www.convergence.org/)
