ssh_host keys are used for verifying that remote machines can be trusted, when doing remote connections to other machines using SSH.
The pem files you generated shouldn't go anywhere in those directories, but somewhere in a Tomcat or Apache directory:
For Tomcat: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
For Apache: put the privkey.pem into apache/conf/ssl.key directory put the cacert.pem into apache/conf/ssl.crt directory
At 18:51 24.07.2003 +1000, you wrote:
In RH7.1 under /etc/ssh there are several ssh_host_* keys and config files. They seem to be for remote client logins. Would my newly generated OpenSSL keys and certificate conflict with them ??? What's the difference between the two ??? Sorry for the newbie questions...
Simon Pabst wrote: > > 1. Generate a private key: > openssl genrsa -des3 -out privkey.pem 2048 > (this should prompt you for a > passphrase)http://www.openssl.org/docs/HOWTO/keys.txt > > 2. a) Generate a self-signed test certificate: > openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 > > 2. b) If you want to use a Trust-Center signed SSL certificate, > you need to create a certificate signing request (CSR) and submit it to a > Certificate Authority (CA): > openssl req -new -key privkey.pem -out cert.csr > > http://www.openssl.org/docs/HOWTO/certificates.txt > > Some Certificate Authorities: > http://www.verisign.com/ > http://www.thawte.com/ > http://www.instantssl.com/ > > At 17:27 24.07.2003 +1000, you wrote: > >Hi. My quixotic tilt at mod_ssl continues... > >I am into my second book on this subject matter. Okay, let's put that in > >that "too-hard" basket for the moment. > >Let's make OpenSSL work first. It does. > >It asks me whether I want to DER or PEM. I take PEM. > >Then it tells me not enough random data. So I did this: > ># openssl -rand -des3 -out server.key 1024 > >That skipped the PEM bit, BUT how do I get it to challenge with a pass > >phrase dialogue ? > >Do all of you use PEM ? > > > >Regards, > >Discombobulated... > >Perplexed in search of perspicacity is the first sign of neurosis. > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
