On 02:00 Wed 26 Jul , itboi wrote:
>
> Hi.
> I installed openca successfully with the http protocol, but when I access ra,
> ldap, pub with
> http://192.168.0.1/cgi-bin/ra/RAServer?cmd=getStaticPage&name=index
> it displays "Error 6251026
> General Error Aborting connection - you are using a wrong security protocol
> (http)."
> and I can't run with https://192.168.0.1/ca/ also I configured my system
> following the http://ist.uwaterloo.ca/security/lib-proxy/howto/ssleay/ docs
>
> But in the doc I don't understand two lines:
>
> SSLCertificateFile /software/sslCerts-1/config/certs/httpsd.pem
> SSLCertificateKeyFile /software/sslCerts-1/config/certs/private/httpsd.pem
>
> Where do the /software/sslCerts-1/config/certs/httpsd.pem file and
> /software/sslCerts-1/config/certs/private/httpsd.pem come from, and how do I
> create them?
> For openca, where can I make or find them?
>
You must generate these two files. Here is a howto :
$ cd /root
$ chmod 700 .
$ umask 077
$ mkdir mypki
$ cd mypki
$ mkdir certs
$ mkdir private
$ touch index.txt
$ echo '01' > serial
$ vi openssl.cnf
$ export OPENSSL_CONF="openssl.cnf"
$ openssl req -newkey rsa -x509 -subj '/C=US/O=MyOrg/OU=MyUnit/CN=MyRootCA' \
    -out cacert.pem
Generating a 2048 bit RSA private key
....................................................+++
.............................+++
writing new private key to './private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
$ export -n OPENSSL_CONF
$ openssl req -newkey rsa:1024 -keyout server.key -nodes \
    -subj '/C=US/O=MyOrg/OU=MyUnit/CN=localhost' -out server.req
Generating a 1024 bit RSA private key
.......................................++++++
.............................++++++
writing new private key to 'server.key'
-----
$ export OPENSSL_CONF="openssl.cnf"
$ openssl ca -in server.req -out server.crt
Using configuration from openssl.cnf
Enter pass phrase for ./private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
organizationName :PRINTABLE:'MyOrg'
organizationalUnitName:PRINTABLE:'MyUnit'
commonName :PRINTABLE:'localhost'
Certificate is to be certified until Jul 26 09:28:28 2007 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
$ cat server.key
$ cat server.crt
Some explanations :
- server.crt is the certificate for your web server
- server.key is the private key for your web server (keep it secret !)
- the content of openssl.cnf is given in the attached file
For more information :
- man openssl
Regards,
Nicolas.
[ ca ]
default_ca = mypki
[ mypki ]
dir = .
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial
x509_extensions = mypki_ext
default_md = md5
default_days = 365
policy = mypki_policy
[ mypki_policy ]
[ mypki_ext ]
basicConstraints = CA:false
[ req ]
default_bits = 2048
default_keyfile = ./private/cakey.pem
prompt = no
distinguished_name = root-ca_DN
x509_extensions = root-ca_ext
[ root-ca_DN ]
commonName = MyRootCA
organizationalUnitName = MyUnit
organizationName = MyOrg
countryName = US
[ root-ca_ext ]
basicConstraints = CA:true
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
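
Added example, not part of the original message: a non-interactive version of the procedure above that signs with SHA-256 and 2048-bit keys, then checks that the issued certificate chains to the CA and matches its private key before the two files are given to SSLCertificateFile and SSLCertificateKeyFile. The DN values, the subjectAltName entry, the contents of mypki_policy and the function names are assumptions made for this example.

```sh
# Added example: DN values, SAN, policy contents and function names are constructed.
# make_pki DIR: build a throwaway CA in DIR and issue a server certificate.
make_pki() (
    dir=$1; umask 077    # as in the post: new files readable by owner only
    mkdir -p "$dir/certs" "$dir/private" || exit 1
    : > "$dir/index.txt"; echo 01 > "$dir/serial"
    cat > "$dir/openssl.cnf" <<EOF
[ ca ]
default_ca = mypki
[ mypki ]
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial
x509_extensions = mypki_ext
default_md = sha256
default_days = 365
policy = mypki_policy
[ mypki_policy ]
organizationName = optional
commonName = supplied
[ mypki_ext ]
basicConstraints = CA:false
subjectAltName = DNS:localhost
[ req ]
prompt = no
distinguished_name = root-ca_DN
x509_extensions = root-ca_ext
[ root-ca_DN ]
commonName = MyRootCA
[ root-ca_ext ]
basicConstraints = CA:true
EOF
    # -nodes leaves the demo CA key unencrypted; keep the pass phrase on a real CA.
    openssl req -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes -x509 \
        -keyout "$dir/private/cakey.pem" -out "$dir/cacert.pem" &&
    openssl req -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes -subj '/O=MyOrg/CN=localhost' \
        -keyout "$dir/server.key" -out "$dir/server.req" &&
    openssl ca -batch -config "$dir/openssl.cnf" -in "$dir/server.req" -out "$dir/server.crt"
)

# check_pair CA CERT KEY: true only if CERT chains to CA and KEY matches CERT.
check_pair() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 &&
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ]
}

# sig_alg CERT: print the certificate's signature algorithm.
sig_alg() { openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: //p' | sed 1q; }
```

Run make_pki on an empty directory, then check_pair DIR/cacert.pem DIR/server.crt DIR/server.key; a non-zero status means the pair should not be installed in the web server.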