Hi,

Does anyone have a pointer to correct documentation for generating and
installing a self signed ssl cert for use on httpd on a C-5 machine?

The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the
distro and as such it is not available. I tried generating the cert on a C-4
machine using genkey and installing on the C-5 machine but I get the following
error when I try to connect:

[Thu Oct 25 12:48:03 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client certificate B
[Thu Oct 25 12:48:03 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B
[Thu Oct 25 12:48:03 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B
[Thu Oct 25 12:48:03 2007] [info] [client 192.168.0.25] SSL library error 1 in handshake (server roadrunner.tntechs.com:443)
[Thu Oct 25 12:48:03 2007] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:func(137):reason(199)
[Thu Oct 25 12:48:03 2007] [info] [client 192.168.0.25] Connection closed to child 0 with abortive shutdown (server roadrunner.tntechs.com:443)

Can anyone tell me where I am going wrong here? Google is not being helpful
and I am getting frustrated. I wish I better understood open ssl. :-(

Regards,

--
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com

On Thu, 25 Oct 2007, Tom Diehl wrote:
> Hi,
>
> Does anyone have a pointer to correct documentation for generating and
> installing a self signed ssl cert for use on httpd on a C-5 machine?

Generating: http://www.madboa.com/geek/openssl/#cert-self

As for installing, you'll want to follow the paths in your local httpd
configuration, often defined in /etc/httpd/conf.d/ssl.conf.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/

On 10/25/07, Tom Diehl <tdiehl at rogueind.com> wrote:
> Hi,
>
> Does anyone have a pointer to correct documentation for generating and
> installing a self signed ssl cert for use on httpd on a C-5 machine?
>
> The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the
> distro and as such it is not available. I tried generating the cert on a C-4
> machine using genkey and installing on the C-5 machine but I get the following
> error when I try to connect:
>
> [...]
>
> Can anyone tell me where I am going wrong here? Google is not being helpful
> and I am getting frustrated. I wish I better understood open ssl. :-(
>
> Regards,
>
> --
> Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com

You might find a bunch of guides online that give you ways to do it using
openssl, but C5 has a Makefile already set up to do this for you.

Steps:
1. cd /etc/pki/tls/certs
2. make testcert
3. restart apache

The default ssl.conf file points to the localhost.* files that are generated
by this command.
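
Added example, not part of any of the messages above: a shell check for the situation in this thread, where a certificate and key generated on one machine are installed under the paths ssl.conf names on another. It reads SSLCertificateFile and SSLCertificateKeyFile from a config, confirms with the openssl CLI that the key belongs to the certificate, and reports SSLVerifyClient because the logged handshake fails in the "read client certificate" state. The function names and the sample config are constructed for illustration, and RSA keys and openssl on the PATH are assumed.

```shell
#!/bin/sh
# Added example: check that the certificate and key named in ssl.conf belong together.

# Print the last value set for DIRECTIVE in FILE (comments ignored, quotes stripped).
conf_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$2"
}

# Print "Modulus=<hex>" for an RSA certificate (x509) or private key (rsa).
modulus() {
    openssl "$1" -in "$2" -noout -modulus 2>/dev/null
}

# Return 0 only if both files parse and carry the same RSA modulus.
check_pair() {
    cert=$(conf_value SSLCertificateFile "$1")
    key=$(conf_value SSLCertificateKeyFile "$1")
    verify=$(conf_value SSLVerifyClient "$1")
    echo "cert=$cert key=$key SSLVerifyClient=${verify:-unset}"
    cert_mod=$(modulus x509 "$cert")
    key_mod=$(modulus rsa "$key")
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Build constructed sample data in DIR: a self-signed pair, an unrelated key,
# and two configs (good.conf points at the pair, bad.conf at the wrong key).
make_fixture() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=localhost" \
        -keyout "$1/localhost.key" -out "$1/localhost.crt" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
    for pair in good:localhost.key bad:other.key; do
        printf '%s\n' "# constructed sample, not a full ssl.conf" \
            "SSLEngine on" \
            "SSLCertificateFile $1/localhost.crt" \
            "  SSLCertificateKeyFile \"$1/${pair#*:}\"" \
            "#SSLVerifyClient require" > "$1/${pair%%:*}.conf"
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    make_fixture "$dir" || { echo "openssl not available"; rm -rf "$dir"; return 1; }
    for conf in good bad; do
        if check_pair "$dir/$conf.conf"; then echo "$conf.conf: key matches certificate"
        else echo "$conf.conf: key does NOT match certificate"; fi
    done
    rm -rf "$dir"
}
demo
```

To audit a real server, call check_pair with the path to its ssl.conf instead of running demo.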