--- Craig White <craigwhite@xxxxxxxxxxx> wrote:

> On Wed, 2005-12-28 at 02:28 -0800, M E Fieu wrote:
> > Hi.. I tried to enable SSL / create an SSL cert on my Fedora 3
> >
> > I used the following to create the server key
> >
> > openssl genrsa -des3 4096 >/etc/httpd/conf/ssl.key/server.key
> >
> > then I made a self-signed certificate with
> >
> > openssl req -new -x509 -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.crt/server.crt -days 365 -utf8
> >
> > and then I ensured the following entries are in my ssl.conf
> > SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> >
> > and restarted my apache. When I surf to https://mywebsite , it states page not found.
> > http://mywebsite is ok, and when I telnet to port 443 on that server, it fails too.
> >
> > The error_log shows
> > [Wed Dec 28 16:08:58 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
> > [Wed Dec 28 16:08:58 2005] [notice] LDAP: SSL support unavailable
> > [Wed Dec 28 16:08:58 2005] [notice] Apache/2.0.53 (Fedora) configured -- resuming normal operations
> > [Wed Dec 28 17:59:16 2005] [notice] caught SIGTERM, shutting down
> > [Wed Dec 28 17:59:17 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> > [Wed Dec 28 17:59:17 2005] [notice] Digest: generating secret for digest authentication ...
> > [Wed Dec 28 17:59:17 2005] [notice] Digest: done
> >
> > I also tried to create a CSR to submit to my windows domain Root CA to sign it
> > http://windowsCA/certsrv/ Can anyone tell me whether a windows domain CA can sign a Linux CSR?
> >
> > I used the following command to create the CSR on my Linux box
> > openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.key/server.csr
> >
> > and used the server.csr content at http://windowsCA/certsrv/ and the windows CA can sign it and
> > return it as certnew.cer. I rename it as server.crt and move it to my linux box's
> > /etc/httpd/conf/ssl.crt/server.crt and restart the apache. Not sure whether it is right, but I
> > also can't telnet 443 to my linux box and the error message is the same as above
> ----
> this is how I do it.
>
> cd /usr/share/ssl/certs
>
> openssl genrsa -des3 -out ca.key 2048
> openssl genrsa -des3 -out server.key 1024
>
> #### generate web server certificate ####
> openssl rsa -in server.key -out server.key.unsecure
> openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
>   -key server.key.unsecure -out server.crt
> rm -fr /etc/httpd/conf/ssl.crt/server.crt
> cp server.crt /etc/httpd/conf/ssl.crt/
> rm -fr /etc/httpd/conf/ssl.key/server.key
> cp server.key.unsecure /etc/httpd/conf/ssl.key/server.key

Hi.. thanks, I have followed what you have shown me but I still get the same error message and I
can't telnet 443 to my box, same as before. :(

Can you tell me what is meant by "openssl rsa -in server.key -out server.key.unsecure", what are
"in" and "out", and what is the difference between server.key and server.key.unsecure ???

Also "openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
-key server.key.unsecure -out server.crt", does it mean the CA is signing server.crt with the
server private key server.key.unsecure? Why has the ca.key that was created never been used in
the process?
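
Added example, not part of the original messages: shell checks that show what the commands in this thread produce, namely that server.key is passphrase-protected while server.key.unsecure is not, that the certificate pairs with that key, and that `req -x509` yields a self-signed certificate in which ca.key plays no part. The temporary directory, the passphrase `demo-pass` and the CN `www.example.test` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: works on throwaway files only; paths, passphrase and CN are constructed.

# True if the PEM private key is passphrase-protected (traditional or PKCS#8 header).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if the certificate's RSA modulus equals the key's, i.e. they form a usable pair.
# $3 is the key passphrase (empty for an unencrypted key); returns 2 if a file is unreadable.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus) || return 2
    k=$(openssl rsa -in "$2" -noout -modulus -passin "pass:${3:-}" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# True if issuer and subject are identical: the certificate was issued under its
# own name, so no separate CA key was involved in signing it.
cert_is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# Rebuild the steps from the thread in directory $1.
build_demo() {
    d=$1
    openssl genrsa -des3 -passout pass:demo-pass -out "$d/server.key" 2048 2>/dev/null
    # -in reads the encrypted key; -out writes the same key with the passphrase removed
    openssl rsa -in "$d/server.key" -passin pass:demo-pass -out "$d/server.key.unsecure" 2>/dev/null
    chmod 600 "$d/server.key.unsecure"   # no passphrase: the file mode is its only protection
    openssl req -new -x509 -days 30 -subj "/CN=www.example.test" \
        -key "$d/server.key.unsecure" -out "$d/server.crt" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
build_demo "$DEMO_DIR"
for f in server.key server.key.unsecure; do
    if key_is_encrypted "$DEMO_DIR/$f"; then echo "$f: passphrase-protected"; else echo "$f: NOT protected"; fi
done
cert_matches_key "$DEMO_DIR/server.crt" "$DEMO_DIR/server.key.unsecure" && echo "certificate matches key"
cert_is_self_issued "$DEMO_DIR/server.crt" && echo "self-signed: issuer equals subject"
```

The same three functions can be pointed at the files named in ssl.conf; an encrypted key there means Apache needs the passphrase at startup.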