On Wednesday 13 August 2003 12:38, you wrote: 01 sorry, sunt un biet lam3r plzzz forgive me :)
> On Wednesday 13 August 2003 12:27, you wrote: > > mie mi-e clar ca lacrima, dar se pare ca openssl-ului nu prea-i > place... are ceva cu fisierul serial .... > unable to load number from /etc/ssl/serial > error while loading serial number > 9458:error:0D...:asn1 encoding routines:a2i_ASN1_INTEGER:short > line:f_int.c:210 > > adica? el nu era /etc/ssl/serial asa ca i-am tras un touch > /etc/ssl/serial ... > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On Wednesday 13 August 2003 12:01, you wrote: > > > On Wednesday 13 August 2003 11:37, you wrote: > > > > > > deci, certificatul in cauza imi trebuie pentru un server Apache > > > :) so...creez un cert pe care-l semnez tot yo > > > deci: > > > #openssl req -config /etc/ssl/openssl.cnf -new -keyout newkey.pem > > > -out newcert.pem > > > > > > iar el acum imi cere PEM pass phrase, intrebarea e: ce tre sa bag > > > aici? pe PEM pass phrase? PEM-ul root CA-ului se introduce cand > > > se semneaza certificatul... > > > > OK!!!!! > > Hai sa o luam de la inceput! > > Iti trebuie Self Signed certificate, adica doua fisiere in speta > > CA.key si CA.crt (asa le-am numit io) > > generarea se face astfel: > > > > 1. openssl genrsa -des3 -out CA.key 1024 > > 2. openssl req -new -x509 -days 365 -key CA.key -out CA.crt > > in acest moment ai un certificat self-signed > > > > Acum treci la generarea certificatelor pt apache > > > > 1. openssl genrsa -des3 -out apache.key 1024 > > aici iti cere o alta passphrase(pe care trebuie sa o introduci de > > fiecare data cand iti restartezi apachu, deci sfatul meu este sa > > scoti acel "des3" si atunci nu te va mai intreba de passphrase) > > 2 openssl req -new -key apache.key -out apache.csr -days 365 > > in acest moment trebuie sa semnezi apache.csr cu autoritatea pe > > care ai creat mai sus > > 3 openssl ca -config fisier_de_config.cnf -out apache.crt -infiles > > apache.csr > > 4 openssl verify -CAfile CA.crt apache.crt > > din acest moment nu mai ai nevoie de apache.csr(poti sa-l stergi) > > > > si atata tot > > m-am facut inteles? > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA1 > > > > > > > > On Wednesday 13 August 2003 11:10, you wrote: > > > > > Am configurat un root CA, am creat un self-signed cert si am > > > > > cacert.pem si cakey.pem in /etc/ssl respectiv > > > > > /etc/ssl/private/ in /etc/ssl/openssl.cnf am setat dir = > > > > > /etc/ssl > > > > > si totul e ok. > > > > > Cand dau sa creez un nou certificat > > > > > #openssl req -config /etc/ssl/openssl.cnf -new -keyout > > > > > newreq.pem -out newreq.pem -days 365 > > > > > > > > > > imi cere PEM pass phrase...indiferent daca bag PEM pass > > > > > phrase-ul root CA-ului, sau orice altceva, imi creaza noul > > > > > certificat. E normal? > > > > > > > > pasii sunt urmatorii: > > > > > > > > 1. creare certificat nou > > > > openssl genrsa -des3 -out ce_vrei_tu.key 1024 > > > > 2. certificate signing request > > > > openssl req -new -key ce_vrei_tu.key -out ce_vrei_tu.csr -days > > > > 365 3. semnarea efectiva certificatului > > > > openssl ca -config fisier_de_config.cnf -out ce_vrei_tu.crt > > > > -infiles ce_vrei_tu.csr > > > > 4. verificare certificat > > > > openssl verify -CAfile /unde/este/CA.crt > > > > /unde/este/ce_vrei_tu.crt > > > > > > > > > > > > - -- > > > > Cu respect/Best Regards, > > > > Adrian Mazarache > > > > > > > > Public key: http://london.forte.ro/mazasign.asc > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: GnuPG v1.2.2 (GNU/Linux) > > > > > > > > iD8DBQE/OfjoEbm/AUY3ZdkRAtb4AJ4ukur4nMnskHbmcvAy20hlVWVrkACff/E > > > >F mSaawitSfQDp6UI6gnBZSr4= > > > > =EZhT > > > > -----END PGP SIGNATURE----- > > > > > > > > --- > > > > Detalii despre listele noastre de mail: http://www.lug.ro/ > > > > - -- > > Cu respect/Best Regards, > > Adrian Mazarache > > > > Public key: http://london.forte.ro/mazasign.asc > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.2 (GNU/Linux) > > > > iD8DBQE/OgSHEbm/AUY3ZdkRAmadAKDRR5WpICFhL+lXHnau8LByavkzCgCdEE5T > > 0D2HsC7S5meaBEmI3KWFrmw= > > =oDUt > > -----END PGP SIGNATURE----- > > > > --- > > Detalii despre listele noastre de mail: http://www.lug.ro/ -- Stefan, a simple Debian user. Linux registered user: #272012 [Linux is Friendly. It's just selective about who his friends are.] --- Detalii despre listele noastre de mail: http://www.lug.ro/
