On Wednesday 13 August 2003 12:27, you wrote: mie mi-e clar ca lacrima, dar se pare ca openssl-ului nu prea-i place... are ceva cu fisierul serial .... unable to load number from /etc/ssl/serial error while loading serial number 9458:error:0D...:asn1 encoding routines:a2i_ASN1_INTEGER:short line:f_int.c:210
adica? el nu era /etc/ssl/serial asa ca i-am tras un touch /etc/ssl/serial ... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wednesday 13 August 2003 12:01, you wrote: > > On Wednesday 13 August 2003 11:37, you wrote: > > > > deci, certificatul in cauza imi trebuie pentru un server Apache :) > > so...creez un cert pe care-l semnez tot yo > > deci: > > #openssl req -config /etc/ssl/openssl.cnf -new -keyout newkey.pem > > -out newcert.pem > > > > iar el acum imi cere PEM pass phrase, intrebarea e: ce tre sa bag > > aici? pe PEM pass phrase? PEM-ul root CA-ului se introduce cand se > > semneaza certificatul... > > OK!!!!! > Hai sa o luam de la inceput! > Iti trebuie Self Signed certificate, adica doua fisiere in speta > CA.key si CA.crt (asa le-am numit io) > generarea se face astfel: > > 1. openssl genrsa -des3 -out CA.key 1024 > 2. openssl req -new -x509 -days 365 -key CA.key -out CA.crt > in acest moment ai un certificat self-signed > > Acum treci la generarea certificatelor pt apache > > 1. openssl genrsa -des3 -out apache.key 1024 > aici iti cere o alta passphrase(pe care trebuie sa o introduci de > fiecare data cand iti restartezi apachu, deci sfatul meu este sa > scoti acel "des3" si atunci nu te va mai intreba de passphrase) > 2 openssl req -new -key apache.key -out apache.csr -days 365 > in acest moment trebuie sa semnezi apache.csr cu autoritatea pe care > ai creat mai sus > 3 openssl ca -config fisier_de_config.cnf -out apache.crt -infiles > apache.csr > 4 openssl verify -CAfile CA.crt apache.crt > din acest moment nu mai ai nevoie de apache.csr(poti sa-l stergi) > > si atata tot > m-am facut inteles? > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > On Wednesday 13 August 2003 11:10, you wrote: > > > > Am configurat un root CA, am creat un self-signed cert si am > > > > cacert.pem si cakey.pem in /etc/ssl respectiv /etc/ssl/private/ > > > > in /etc/ssl/openssl.cnf am setat dir = /etc/ssl > > > > si totul e ok. > > > > Cand dau sa creez un nou certificat > > > > #openssl req -config /etc/ssl/openssl.cnf -new -keyout > > > > newreq.pem -out newreq.pem -days 365 > > > > > > > > imi cere PEM pass phrase...indiferent daca bag PEM pass > > > > phrase-ul root CA-ului, sau orice altceva, imi creaza noul > > > > certificat. E normal? > > > > > > pasii sunt urmatorii: > > > > > > 1. creare certificat nou > > > openssl genrsa -des3 -out ce_vrei_tu.key 1024 > > > 2. certificate signing request > > > openssl req -new -key ce_vrei_tu.key -out ce_vrei_tu.csr -days > > > 365 3. semnarea efectiva certificatului > > > openssl ca -config fisier_de_config.cnf -out ce_vrei_tu.crt > > > -infiles ce_vrei_tu.csr > > > 4. verificare certificat > > > openssl verify -CAfile /unde/este/CA.crt > > > /unde/este/ce_vrei_tu.crt > > > > > > > > > - -- > > > Cu respect/Best Regards, > > > Adrian Mazarache > > > > > > Public key: http://london.forte.ro/mazasign.asc > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.2.2 (GNU/Linux) > > > > > > iD8DBQE/OfjoEbm/AUY3ZdkRAtb4AJ4ukur4nMnskHbmcvAy20hlVWVrkACff/EF > > > mSaawitSfQDp6UI6gnBZSr4= > > > =EZhT > > > -----END PGP SIGNATURE----- > > > > > > --- > > > Detalii despre listele noastre de mail: http://www.lug.ro/ > > - -- > Cu respect/Best Regards, > Adrian Mazarache > > Public key: http://london.forte.ro/mazasign.asc > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2 (GNU/Linux) > > iD8DBQE/OgSHEbm/AUY3ZdkRAmadAKDRR5WpICFhL+lXHnau8LByavkzCgCdEE5T > 0D2HsC7S5meaBEmI3KWFrmw= > =oDUt > -----END PGP SIGNATURE----- > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ -- Stefan, a simple Debian user. Linux registered user: #272012 [Linux is Friendly. It's just selective about who his friends are.] --- Detalii despre listele noastre de mail: http://www.lug.ro/
