Hello, I am indeed using Apache 1.3.12 with openssl 0.9.6. Here summarize what I did after the compilation of Apache with openssl : (1) Generate CA' certificate : # CA.pl -newca Making CA certificate ... Using configuration from /usr/local/openssl/openssl.cnf Generating a 1024 bit RSA private key ............++++++ .....++++++ writing new private key to './demoCA/private/cakey.pem' ----- ...... (2)Generate a private key/certificate rquest pair : # openssl req -new -nodes -keyout sitekey.pem -out sitereq.pem -days 3650 Using configuration from /usr/local/openssl/openssl.cnf Generating a 1024 bit RSA private key ....................................++++++ ...............................................................................+ +++++ writing new private key to 'sitekey.pem' ----- ..... (3)CA sign the certificate : # openssl ca -policy policy_anything -out cert.pem -infiles sitereq.pem Using configuration from /usr/local/openssl/openssl.cnf Check that the request matches the signature Signature ok ..... (4)Concatenate the signed certificate and key to become server certicate : # cat cert.pem sitekey.pem > sitecert.pem (5)Prepare Root CA certificate to be distributed to NS-4.x and MSIE-5 : # cp cacert.pem cacert.cacert # openssl x509 -inform pem -in cacert.pem -outform der -out cacert.der (6)Installation of Root CA certificate to browser NS and MSIE is successful. (7)Update httpsd.conf of the Apache server : ..... Listen 192.168.1.32:443 Listen 192.168.1.32:8080 Port 443 User webadm Group webgp ServerName www2.xxxx.com NameVirtualHost 192.168.1.32:443 NameVirtualHost 192.168.1.32:8080 SSLVerifyClient 0 SSLVerifyDepth 10 SSLCacheServerPort 1234 SSLCacheServerPath /usr/local/apache/bin/gcache SSLSessionCacheTimeout 15 SSLCertificateFile /usr/local/openssl/demoCA/certs/sitecert.pem SSLCertificateKeyFile /usr/local/openssl/demoCA/certs/sitekey.pem ..... <VirtualHost 192.168.1.32:8080> Port 8080 SSLDisable ServerAdmin webmaster@mail DocumentRoot /usr/local/apache/htdocs/www2 ServerName www2 ServerAlias www2.xxxx.com ErrorLog logs/www2-error_log TransferLog logs/www2-access_log </VirtualHost> ..... <VirtualHost 192.168.1.32:443> Port 443 SSLEnable SSLVerifyClient 0 SSLVerifyDepth 10 SSLCertificateFile /usr/local/openssl/demoCA/certs/sitecert.pem SSLCertificateKeyFile /usr/local/openssl/demoCA/certs/sitekey.pem ServerAdmin webmaster@mail DocumentRoot /usr/local/apache/htdocs/www2-ssl ServerName www2-ssl ServerAlias www2-ssl.xxxx.com ErrorLog logs/www2-ssl-error_log TransferLog logs/www2-ssl-access_log </VirtualHost> Question 1 : ============ While I am using Netscape to connect to the secure server, for instance, https://www-ssl , everything is fine. However, MSIE-5 returns error "The Page cannot be dispayed". Could it be solved anyway? Question 2 : ============ While I am using Verisign Test CA and server certificate, there is no problem to browse the same secure server. What are the differences between the openssl Demo CA and Verisign Test CA, which result in such problem in MSIE-5? Question 3 : ============ Is there any free-of-charge CA generating server certificate? I just want it for intranet. Regards, [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
