Hello,
I hope this isn't too far OT for this list, but alas, I have been unable to
sign up for the OpenSA list, and really, I think it has to do with a
combination of the above, the likely culprit being the way that I am
generating a csr, the key to it, or both.
Following the OpenSSL HOW-TO, I generated a private key (privkey.pem) with
the following:
genrsa -out privkey.pem -des3 1024
I then used this key to generate a csr as follows:
openssl req -new -key privkey.pem -out corridor.csr
I had Verisign sign it, and installed it in OpenSA, and I am able to
establish secure connections, BUT! (Very big but)
In order to start Apache (this is Windows, too, bleah; I am evaluating
OpenSA for Windows for a client), I must allow it to interact with the
desktop, because it requires that I enter the passphrase for the .pem file.
At least that is what I am assuming the passphrase is for. If I attempt to
start OpenSA as a service, it hangs forever, because there is no interface
for me to enter the passphrase (I have modified httpd.conf to always load
mod_ssl so that I could start it as an NT service; by default there is an
IfDefine in there that wouldn't let mod_ssl load when run as a service), at
least that is what I am assuming, it is sitting there patiently waiting for
me to enter a passphrase...
In some documentation somewhere (can't recall what it went to) it said that
if I am forced to enter a passphrase, I generated the key incorrectly, but
I also followed the standard mantra of RTFM before I started, soooo...
I need Apache to run as a Windows 2k Service, with SSL enabled (OpenSA, I
keep forgetting this is an altered Apache).
Can anyone point me in the right direction? I know this is probably the
"newbiest" question this list has seen in a long time, but I could sure use
the help!
TIA,
--Scott Brown
-------------------------------------------------------------------------------
This message was processed by Mail Filter Extension
http://sssolutions.net/mf/
-------------------------------------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- Additional parameters in callback function Sunitha Kumar
- Re: Additional parameters in callback functi... Rich Salz
- Re: OT? genrsa, certs, OpenSA Scott Brown
- Re: OT? genrsa, certs, OpenSA Merton Campbell Crockett
- Re: OT? genrsa, certs, OpenSA Scott Brown
- Does the Web server have to run ... Mark Liu
