> Country Name (2 letter code) [AU]:US
> State or Province Name (full name) [Some-State]:Ohio
> Locality Name (eg, city) []:Lakewood
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:The
> UserFriendly Netw
> ork
> Organizational Unit Name (eg, section) []:Certificate Authority
> Common Name (eg, YOUR name) []:UFN CA
Nope, needs to be something like secure.userfriendly.net. It's the machine
name, not anything else that might be hinted at by calling it Common Name.
> Email Address []:[EMAIL PROTECTED]
>
>
> 3) /usr/share/ssl/mod_ssl/ openssl genrsa -des3 -out server.key 1024
> 1112 semi-random bytes loaded
> Generating RSA private key, 1024 bit long modulus
> .......+++++
> ..............................+++++
> e is 65537 (0x10001)
> Enter PEM pass phrase:
> Verifying password - Enter PEM pass phrase:
>
> 4) /usr/share/ssl/mod_ssl/ openssl req -new -key server.key -out
> server.csr
> Using configuration from /usr/local/openssl/openssl.cnf
> Enter PEM pass phrase:
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a
> DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [AU]:US
> State or Province Name (full name) [Some-State]:Ohio
> Locality Name (eg, city) []:Lakewood
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:The
> UserFriendly Netw
> ork
> Organizational Unit Name (eg, section) []:Web Development Unit
> Common Name (eg, YOUR name) []:www.userfriendly.net
> Email Address []:[EMAIL PROTECTED]
>
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password []:
> An optional company name []:
>
> 5) /usr/share/ssl/mod_ssl/ ./sign.sh server.csr
> CA signing: server.csr -> server.crt:
> Using configuration from ca.config
> Enter PEM pass phrase:
> Check that the request matches the signature
> Signature ok
> The Subjects Distinguished Name is as follows
> countryName :PRINTABLE:'US'
> stateOrProvinceName :PRINTABLE:'Ohio'
> localityName :PRINTABLE:'Lakewood'
> organizationName :PRINTABLE:'The UserFriendly Network'
> organizationalUnitName:PRINTABLE:'Web Development Unit'
> commonName :PRINTABLE:'www.userfriendly.net'
> emailAddress :IA5STRING:'[EMAIL PROTECTED]'
> Certificate is to be certified until Nov 6 02:06:59 2000 GMT (365 days)
> Sign the certificate? [y/n]:y
>
> 1 out of 1 certificate requests certified, commit? [y/n]y
> Write out database with 1 new entries
> Data Base Updated
> CA verifying: server.crt <-> CA cert
> server.crt: OK
>
>
> 6) /usr/share/ssl/mod_ssl/ openssl rsa -in server.key.org -out
> server.key
> read RSA private key
> Enter PEM pass phrase:
> writing RSA private key
>
>
> 7) ۲��root@niteowl����۲�� Sat Nov 6 09:07:35pm
> /usr/share/ssl/mod_ssl/ chmod 400 server.key
> ۲��root@niteowl����۲�� Sat Nov 6 09:07:43pm
> /usr/share/ssl/mod_ssl/ cp server.crt /etc/httpd/conf/
> cp: overwrite `/etc/httpd/conf/server.crt'? y
> ۲��root@niteowl����۲�� Sat Nov 6 09:07:54pm
> /usr/share/ssl/mod_ssl/ cp server.key /etc/httpd/conf/
> cp: overwrite `/etc/httpd/conf/server.key'? y
> ۲��root@niteowl����۲�� Sat Nov 6 09:07:59pm
> /usr/share/ssl/mod_ssl/ /etc/rc.d/init.d/httpd restart
>
>
> I restarted the webserver and STILL get the annoying message about the
> signature:
>
> "The server's certificate has an invalid signature. You will not be able
> to connect to this site securely."
>
> Now, i took your advice as evidenced above, and still got the same
> result. Any ideas?
>
> Regards
> --
> Michael B. Weiner
> Systems Administrator/Partner
> The UserFriendly Network (UFN)
> --
>
> / / (_)__ __ ____ __
> / /__/ / _ \/ // /\ \/ /
> /____/_/_//_/\_,_/ /_/\_\
>
> * * * CHOICE OF A GNU GENERATION * * *
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
Dom Gallagher ([EMAIL PROTECTED])
Systems Administrator
Stayfree Internet
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
