Hello,

I am indeed using Apache 1.3.12 with openssl 0.9.6.  Here summarize what I did
after the compilation of Apache with openssl :

(1) Generate CA' certificate :
# CA.pl -newca
Making CA certificate ...
Using configuration from /usr/local/openssl/openssl.cnf
Generating a 1024 bit RSA private key
............++++++
.....++++++
writing new private key to './demoCA/private/cakey.pem'
-----
......

(2)Generate a private key/certificate rquest pair :
# openssl req -new -nodes -keyout sitekey.pem -out sitereq.pem -days 3650
Using configuration from /usr/local/openssl/openssl.cnf
Generating a 1024 bit RSA private key
....................................++++++
...............................................................................+
+++++
writing new private key to 'sitekey.pem'
-----
.....

(3)CA sign the certificate :
# openssl ca -policy policy_anything -out cert.pem -infiles sitereq.pem
Using configuration from /usr/local/openssl/openssl.cnf
Check that the request matches the signature
Signature ok
.....

(4)Concatenate the signed certificate and key to become server certicate :
# cat cert.pem sitekey.pem > sitecert.pem

(5)Prepare Root CA certificate to be distributed to NS-4.x and MSIE-5 :
# cp cacert.pem cacert.cacert
# openssl x509 -inform pem -in cacert.pem -outform der -out cacert.der

(6)Installation of Root CA certificate to browser NS and MSIE is successful.

(7)Update httpsd.conf of the Apache server :
.....
Listen 192.168.1.32:443
Listen 192.168.1.32:8080
Port 443
User webadm
Group webgp
ServerName www2.xxxx.com
NameVirtualHost 192.168.1.32:443
NameVirtualHost 192.168.1.32:8080
SSLVerifyClient 0
SSLVerifyDepth 10
SSLCacheServerPort 1234
SSLCacheServerPath /usr/local/apache/bin/gcache
SSLSessionCacheTimeout 15
SSLCertificateFile /usr/local/openssl/demoCA/certs/sitecert.pem
SSLCertificateKeyFile /usr/local/openssl/demoCA/certs/sitekey.pem
.....
<VirtualHost 192.168.1.32:8080>
Port 8080
SSLDisable
ServerAdmin webmaster@mail
DocumentRoot /usr/local/apache/htdocs/www2
ServerName www2
ServerAlias www2.xxxx.com
ErrorLog logs/www2-error_log
TransferLog logs/www2-access_log
</VirtualHost>
.....
<VirtualHost 192.168.1.32:443>
Port 443
SSLEnable
SSLVerifyClient 0
SSLVerifyDepth 10
SSLCertificateFile /usr/local/openssl/demoCA/certs/sitecert.pem
SSLCertificateKeyFile /usr/local/openssl/demoCA/certs/sitekey.pem
ServerAdmin webmaster@mail
DocumentRoot /usr/local/apache/htdocs/www2-ssl
ServerName www2-ssl
ServerAlias www2-ssl.xxxx.com
ErrorLog logs/www2-ssl-error_log
TransferLog logs/www2-ssl-access_log
</VirtualHost>

Question 1 :
============
While I am using Netscape to connect to the secure server, for instance,
https://www-ssl , everything is fine.  However, MSIE-5 returns error "The Page
cannot be dispayed".  Could it be solved anyway?

Question 2 :
============
While I am using Verisign Test CA and server certificate, there is no problem to
browse the same secure server.  What are the differences between the openssl
Demo CA and Verisign Test CA, which result in such problem in MSIE-5?

Question 3 :
============
Is there any free-of-charge CA generating server certificate? I just want it for
intranet.

Regards,
[EMAIL PROTECTED]


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to