Hello

Ralf S. Engelschall wrote:

> > Question1: why SSLeay wants config file (which I haven't) when I am
> > generating CSR?
>
> SSLeay at least wants to find the default values for the interactive prompts
> and some other information on how to generate the CSR.
>

Nice idea, but refusing to start isn't. And then it looks like you have to edit
the config file so that SSLeay can read information from it, which of course
isn't necessary.

> > Question2: why documentation doesn't say that you must have some config
> > file?
>
> Which documentation do you mean? mod_ssl or SSLeay's?  But when you have a
> correct installation you usually have such a ssleay.cnf installed. Seems like
> your installation is broken a little bit.
>

I think both. Look yourself and you will see that there is almost nothing about
the config file and completely nothing about its purpose. But it's mainly the
fault of the SSLeay documentation, which is horrible.

I have installed SSLeay into another directory - nothing special I think.

> > 3. So after reading mod-ssl's makefiles I add "-config .mkcert.cfg"
> > parameter.
>
> Ok, why don't you use "make certificate".  mod_ssl's mkcert.sh automatically
> places a correct server.csr into the conf/ssl.csr/ directory you can send to
> Verisign. Information about this is even printed at the end of mkcert.sh's
> processing. This way you don't have to fiddle yourself with the various SSLeay
> options.
>

Yes, but which option points to "generate CSR"?

> > Question4: Are there any problems with CSR files generated this way at
> > Verisign?
>
> No, as long as your "ssleay req -noout -text -in <file>" gives you the correct
> DN it should not make problems.
>

Hm. What is DN?
Information I have put in seems to be correct, but where should I search for DN?

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=New Jersey, L=Roseland, O=Inkflow, Inc., OU=Adela team, [EMAIL PROTECTED]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:d2:6e:2b:a2:5e:d7:62:a9:16:c8:e4:03:b3:00:
                    97:e0:79:32:59:8d:8f:34:61:3a:76:05:3d:91:c1:
                    21:de:30:ec:07:17:7c:e3:bc:06:7d:50:96:dd:a4:
                    df:6c:e9:36:31:bd:18:15:b1:36:a0:d7:23:93:b3:
                    53:33:fd:81:37:d1:03:e1:46:e8:f1:2a:b4:e6:08:
                    56:77:30:bf:43:29:c9:67:a8:da:a6:66:c9:98:f3:
                    e7:a1:f0:cc:96:3a:16:99:76:5b:c3:47:ae:4a:55:
                    6e:e7:c7:1e:3a:04:2f:51:b3:10:48:45:2b:1e:ce:
                    f4:0e:2f:f8:b4:d5:36:82:ef
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: md5WithRSAEncryption
        71:93:67:8b:eb:76:82:ff:01:d0:9b:c8:f0:da:93:37:dc:2a:
        67:29:53:85:19:5b:40:95:d3:64:59:45:da:94:78:f0:6b:95:
        7d:e6:d3:31:ca:dc:50:b2:c3:0e:22:6a:7f:4d:09:31:d1:6c:
        4b:73:56:b1:65:00:e0:18:1f:1f:e4:48:5d:cd:d4:a6:71:70:
        dc:21:f5:0b:07:ea:8c:59:a3:36:85:33:41:10:0f:3d:b2:ce:
        2a:ef:3d:e0:c5:c3:b6:b4:bd:23:df:80:8f:2f:1f:78:03:5f:
        3c:1d:e9:3e:e1:2c:f6:7b:3b:83:c7:1a:d8:d8:45:73:9d:7e:
        d9:2b

>
> > Question5: I have successfully installed apache + mod-ssl + jserv. What
> > should I do to install certificate received from Verisign and my private
> > key?
>
> Just replace the installed etc/ssl.crt/server.crt with the certificate
> Verisign sends you and the etc/ssl.key/server.key with the private key you
> generated under 1.).
>

Yes, this thing is clear. Thanks.

Please, don't get angry from this mail. :-)
but moving among these security terms makes me mad.

Martin Kuzela


______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
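
Added example, not part of the original message and not SSLeay or mod_ssl code: the DN (distinguished name) asked about above is the `Subject:` line of the `req -noout -text` output, and this script extracts it for comparison against the values you intended before the CSR goes to the CA, keeping the comma inside `O=Inkflow, Inc.` intact. The function names, the trimmed sample with its placeholder e-mail address, and the 2048-bit and MD5 checks (present-day CA expectations) are assumptions made here.

```python
import re

# Constructed sample modelled on the "req -noout -text" dump in the message
# (hex omitted; the e-mail address is a placeholder).
SAMPLE = """\
Certificate Request:
    Data:
        Subject: C=US, ST=New Jersey, L=Roseland, O=Inkflow, Inc., OU=Adela team, Email=webmaster@example.com
        Subject Public Key Info:
            RSA Public Key: (1024 bit)
    Signature Algorithm: md5WithRSAEncryption
"""

# Heuristic: a new attribute starts at ", " followed by a short type name and
# "=". Splitting only there keeps the comma inside "O=Inkflow, Inc." intact.
_ATTR_START = re.compile(r",\s*(?=[A-Za-z][A-Za-z0-9.]*\s*=)")

def parse_dn(subject):
    """Split a one-line Subject into ordered (type, value) pairs."""
    pairs = []
    for part in _ATTR_START.split(subject.strip()):
        key, _, value = part.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs

def summarize_csr(text):
    """Pull the DN, key size and signature algorithm out of the text dump."""
    subject = re.search(r"^\s*Subject:\s*(.+)$", text, re.M)
    if not subject:
        raise ValueError("no Subject line found")
    bits = re.search(r"Public[- ]Key: \((\d+) bit\)", text)
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    return {"dn": parse_dn(subject.group(1)),
            "key_bits": int(bits.group(1)) if bits else None,
            "sig_alg": sig.group(1) if sig else None}

def check_csr(text, expected_dn, min_bits=2048):
    """Return a list of problems; an empty list means nothing was flagged."""
    info = summarize_csr(text)
    dn = dict(info["dn"])
    problems = [f"{k}: expected {v!r}, got {dn.get(k)!r}"
                for k, v in expected_dn.items() if dn.get(k) != v]
    if info["key_bits"] is not None and info["key_bits"] < min_bits:
        problems.append(f"RSA key is only {info['key_bits']} bits")
    if info["sig_alg"] and info["sig_alg"].lower().startswith("md5"):
        problems.append(f"weak signature algorithm {info['sig_alg']}")
    return problems

if __name__ == "__main__":
    print(check_csr(SAMPLE, {"C": "US", "O": "Inkflow, Inc."}))
```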
