Re: URGENT Help needed as I'm new to SSL

Tue, 19 Jun 2001 00:07:49 -0700 

> Vinay Ram P S wrote:
> 
>     [Tue Jun 19 10:35:33 2001] [error] Failed to resolve server name
> for 192.168.1.8
>     (check DNS) -- or specify an explicit ServerName
>     Apache/1.3.20 (Win32) mod_ssl/2.8.4 OpenSSL/0.9.6a running...
> 
>     In <APACHE_HOME>/conf/httpd.conf
>     I 've given
>     ServerName  192.168.1.8

This is the wrong place to put an IP address. Let's assume your machine
is called "banana" and has the IP address 192.168.1.8 - then you should
have:

<VirtualHost 192.168.1.8:443>
ServerName banana
DocumentRoot <path-to-your-files>
...
</VirtualHost>

There has to be something on your system which will translate machine
names to IP addresses. This could be /etc/hosts, NIS, DNS (on unix) or
WINS (on windows) or whatever.. 

>     When I request with following URL    http://localhost:443/
>     correct page is displayed. 
>     But When I request with following URL    http://192.168.1.8:443/
>     No page is displayed.

Try setting the VirtualHost definition as above.

>     Can anybody help me in resolving the above problem and also
> requesting the page
>     using https rather than http

You have to do this in the browser - simply type
"https://192.168.1.8:443/"; in the location window. The browser has to
know in advance that the site is SSL.

>     Another question. while creating a certificate using
>     i)openssl req -config openssl.cnf -new -out my-server.csr
>     ii)openssl rsa -in privkey.pem -out my-server.key
>     iii)openssl x509 -in my-server.csr -out my-server.cert -req
> -signkey my-server.key -days 365
>     Is my-server is equivalent to my machine name or IP address?

"my-server" is just any old filename. It is simply used to name the
files containing your certificate and key. The important thing is that
it matches the SSL file directives in httpd.conf. For example, if you
choose "banana" as the filename root, you would have:

# openssl req -config openssl.cnf -new -out banana.csr
# openssl rsa -in privkey.pem -out banana.key
# openssl x509 -in banana.csr -out banana.cert -req -signkey banana.key
-days 365

then in httpd.conf:

SSLCertificateFile    <path-to-certificate-directory>\banana.cert
SSLCertificateKeyFile <path-to-key-directory>\banana.key

General Tip:
------------

Think of SSL as a port-based virtual-host which listens to port 443.
Give it its own <VirtualHost> definition and keep its content separate
from any non-SSL content (i.e. have a separate directory for SSL files).
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to