On Wed, Jan 27, 1999, Adam Nealis wrote:
> I've got a bit of a non-standard setup (I think).
>
> OS is FreeBSD 2.2.7-STABLE, and the way I have installed mod-ssl is via the
> ports method. That is, a pre-packaged apache + mod-ssl was installed. I know
> that, along the way, ssleay is installed, but there is no /usr/local/ssl, for
> example. So I fancy that only part of the ssleay package was built. i.e., enough
> to get apache + mod_ssl going.
>
> I now have a Verisign certificate to install - I used ssleay with no problems to
> generate my CSR and submit it.
>
> Am I right in thinking that getca is an "external" programme to ssleay? i.e., as
> implied by all the docs I have I must do
>
> getca my.secure.host < digitalcertificate.file
>
> rather than
>
> ssleay getca my.secure.host < digitalcertificate.file ?
>
> if so, can I find the missing bits from a vanilla build of SSLeay-0.9.0b, or am
> I looking in the wrong place?
No, it's neither your problem not my fault. It's just because Versign is
braindead enough to only provide information for a single Apache SSL solution
(Stronghold), although they should know that over the half of their
Apache-based customers use Apache-SSL or mod_ssl. The "getca" is a script of
the Stronghold distribution. And it it's a trivial one. You don't need it.
Just copy the digitalcertificate.file and the corresponding private key to
wherever you want and refernece them via SSLCertificateFile and
SSLCertificateKeyFile. That's all. I would really appreciate that Versign
extend their nasty documention.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
