yeap................. when i say "/usr/local/apache/bin/httpd start" httpd gets started but, i get some message also, which goes "could not determine server's fully qualified domain name, using 127.0.0.1 for servername" "httpd started". if i say "/usr/local/apache/bin/apachectl start" also, i get the same message.

and in either case, if i type "https://yogi" (it is the host name on my machine) in netscape, it will result in "netscape's network connection was refused by the server yogi. The server may not be accepting connections or may be busy try connecting again later" and if i say "/usr/local/apache/bin/apachectl startssl", i get the certificate, but only the snake oil stuff. i killed and restarted the daemon at least 20 times after i generated and copied the certificates. any ideas.....?

regards
murali krishna vemuri

Peer Stefan wrote:

> hmm, you did stop and start your apache? because restart didn't work for me
> either ...
> you'll have to stop apache and wait, until no more processes are left and
> then start it again.
>
> cheers,
> Stefan
>
> -----Original Message-----
> From: Murali K. Vemuri [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 23 October 2001 09:17
> To: [EMAIL PROTECTED]
> Subject: Re: issuing certificate
>
> hi,
> i could make a certificate in the way given by you.
> i copied the .crt and .key files into /etc/httpd/conf/ssl.crt/server.crt and
> ../ssl.key/server.key respectively and then restarted the httpd.
> after that i set the multi.crt (i created like this instead of your
> suggested kiwi.crt) and multi.key
> paths in the httpd conf file in the /etc/httpd/conf/httpd.conf file.
> i am attaching the relevant portions of the httpd.conf file here.
> now, to test whether my certificate works or not, i typed
> openssl -x509 -noout -text -in multi.crt
> i observe that the certificate is the same as was generated by me.
> but, when i open netscape and type https://yogi (it is my host name), i get
> the same old certificate
> which is "snake oil" etc.........
> can someone tell me how i can get rid of that "snake oil" certificate
> forever?
> is there any documentation available out there?
> regards
> murali krishna vemuri
>
> Owen Boyle wrote:
>
> > "Murali K. Vemuri" wrote:
> > >
> > > when i type make certificate, i get a certificate signed by Snake Oil CA
> > > etc...
> > > can someone please tell me how i can change these..?
> >
> > When starting out, it is easiest to make your own certificates. Later,
> > you can buy a proper certificate. This is the procedure I use:
> >
> > Rgds,
> >
> > Owen Boyle.
> >
> > Making self signed certificates:
> > ++++++++++++++++++++++++++++++++
> >
> > NB: These certificates contain no pass-phrase so do not need user input
> > when you start apache. Also, can be used by any server...
> >
> > 1) Make a random data file and set it up as $RANDFILE
> >
> > # cd /usr/local/apache/ssl/certs
> > # PATH=$PATH:/usr/local/apache/bin
> > # export PATH
> > # cp /var/cron/olog temp
> > # gzip temp
> > # mv temp.gz random_data
> > # RANDFILE=/usr/local/apache/ssl/certs/random_data
> > # export RANDFILE
> >
> > 2) Create a RSA private key and certificate for our Certificate
> > Authority
> >
> > # openssl genrsa -des3 -out ca.key 1024
> > password is "CA_PASSWORD"
> >
> > Now make the certificate using the private key.
> >
> > # openssl req -new -x509 -days 365 -key ca.key -out ca.crt
> >
> > 3) Now make a Certificate Signing Request for www.kiwi.com
> >
> > # openssl genrsa -des3 -out kiwi.key 1024
> > # openssl rsa -in kiwi.key -out banana
> > # mv banana kiwi.key
> > # openssl req -new -key kiwi.key -out kiwi.csr
> >
> > 4) And sign it
> >
> > # ./sign.sh kiwi.csr
> >
> > Now we have
> >
> > ca.crt          Certificate Authority certificate
> > ca.db.certs   ) CA databases, holding
> > ca.db.index   ) details of certificates
> > ca.db.serial  ) issued
> > ca.key          Certificate Authority private key
> > random_data     for random routines
> > sign.sh         script for signing certificates
> > kiwi.crt        www.kiwi.com certificate (sent with SSL requests)
> > kiwi.csr        KIWI certificate signing request (not really needed anymore)
> > kiwi.key        www.kiwi.com private key (decrypts public-key encoded messages)
> >
> > - summary of commands
> >
> > # openssl genrsa -des3 -out www.kiwi.com.key 1024
> > # openssl rsa -in www.kiwi.com.key -out banana
> > # mv banana www.kiwi.com.key
> > # openssl req -new -key www.kiwi.com.key -out www.kiwi.com.csr
> > # ./sign.sh www.kiwi.com.csr
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
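
The procedure quoted in this thread, with a check for the "still getting Snake Oil" symptom, as an added example that is not part of the original messages. It assumes `openssl x509 -req` in place of the `sign.sh` script, 2048-bit keys instead of the thread's 1024, and constructed subject names; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names, paths and subject fields are constructed.

# Create a throwaway CA and a CA-signed server certificate in directory $1
# for host name $2. The server key carries no pass-phrase, as in the thread.
make_ca_and_cert() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    # CA private key and self-signed CA certificate.
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -days 365 -key "$dir/ca.key" \
        -subj "/O=Example Test CA/CN=Example Test CA" -out "$dir/ca.crt" || return 1
    # Server private key and its certificate signing request.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    # Sign the request with the CA (assumption: stands in for sign.sh).
    openssl x509 -req -days 365 -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null
}

# SHA-256 fingerprint of the PEM certificate file $1.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Succeeds only if private key $1 belongs to certificate $2
# (compares the public key derived from each).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Fingerprint of the certificate a running server presents on host $1, port $2.
served_fingerprint() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if the server at $2:$3 presents the certificate stored in file $1.
# A failure means the daemon is reading a different certificate file.
serves_expected_cert() {
    [ "$(served_fingerprint "$2" "$3")" = "$(cert_fingerprint "$1")" ]
}
```

Running `serves_expected_cert /path/to/your.crt yogi 443` after a full stop and start compares the certificate the daemon actually presents with the file you installed.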
