Re: Problems for install a Verisign Certificate

Sat, 09 Mar 2002 11:48:37 -0800 

Dear Miguel,
I'm rather new to this topic but I think I understand your problem and may
have a cure.  Put your directives in a <virtual host> section, and you need
to point the server to where your CERT and key are stored.  I believe you
will have already generated the private.key file when you created the
private.csr file.   These need to match as they are CERT pairs.

Something like the following in the httpd.conf file worked for me.

SSLCertificateFile /path/to/certdirectory/ssl.crt/private.crt
SSLCertificateKeyFile /path/to/certdirectory/ssl.key/private.key

I currently have these directives serving the whole server, but as I
understand it, one could put these in a <VirtualHost> section as well, for
example with
<Virtual Host XXX.XXX.XXX.XXX:443>
DocumentRoot /www/secureserver/directory (wherever you want to serve up your
secure web pages).
SSLCertificateFile /path/to/certdirectory/ssl.crt/domain.crt
SSLCertificateKeyFile /path/to/certdirectory/ssl.key/domain.key
</Virtual Host>

Keep in mind that I have limited understanding but the above HAS worked for
me and maybe it will work for you.

And from recent discussions here, I've begun to believe that for more that
one SSL-enabled host, directives like the following may allow you to host
multiple sites. This web site speaks more on this topic,
http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2 but is
short on examples.  (Anyone wanting to provide exact examples that implement
multiple SSL implementations, on ONE IP-address, this would be greatly
appreciated).  I'm sure the answers are out there somewhere but so far, they
remain illusive to me.

<Virtual Host XXX.XXX.XXX.XXX:8443>
Port 8443
Listen 8443
SSLCertificateFile /path/to/certdirectory/ssl.crt/domain.crt
SSLCertificateKeyFile /path/to/certdirectory/ssl.key/domain.key
</Virtual Host>

Good luck!

Andrew Lietzow
The ACL Group, Inc.


----- Original Message -----
From: "Miguel Angel Gomez Animas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 8:06 PM
Subject: Problems for install a Verisign Certificate


> Hi.....
>
> I need help to install a certificate, by defaul when I installed Linux 7.0
Apache server is installed too. And i didn't have any troubles to able de
SSL server, as you know, by default is installed a demo certificate. I need
to change this certificate by a verisign certificate.
>
> Let me explain the process to create the csr requirement.
>
> 1.- In he directory /etc/httpd/conf/ssl.crt  execute the follow command:
>     openssl req -new -nodes -keyout private.key -out public.csr
>
> And Filled the fields with the necesary data ( State, City, Email...etc..)
> It generate  a privated key named public.csr
>
> This file (public.csr) I used for request in Verisign, I requested a Trail
ID,and thay email me back a key.
>
> 2.- The key that Verisign send me back I saved in the directory
/etc/httpd/conf/ssl.crt with the name server.crt
>
> 3.- I restarted the apache webserver, but this error appear:
>
> Starting httpd: [FAILED]
>
>
> Can you tell me what is wrong.... maybe I lost some step....
>
> I really apreciate your help....Thnaks a lot!!!
>
> Regards!!!!
>
> --
> ________________________________________
> Miguel Angel Gómez Animas
> mailto:[EMAIL PROTECTED]
> URL: http://sites.netscape.net/miguelangelga/homepage
>
>
>
> __________________________________________________________________
> Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/
>
> Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to