From: Umut Gökbayrak (umutgokbayrak@operamail.com)
Date: Tue 29 Aug 2000 - 16:40:24 EEST
Hello,
I am answering because I use mod_ssl. I have no knowledge of Apache_ssl.
If you want to install mod_ssl, I hope the text below will be useful to you...
(I apologize that it is in English, it was done in a hurry)

Here is a step-by-step description:

1. Make sure OpenSSL is really installed and in your PATH. But some commands even work ok when you just run the ``openssl'' program from within the OpenSSL source tree as ``./apps/openssl''.

2. Create an RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):

    $ openssl genrsa -des3 -out server.key 1024

   Please back up this server.key file and remember the pass-phrase you had to enter at a secure location. You can see the details of this RSA private key via the command:

    $ openssl rsa -noout -text -in server.key

   And you could create a decrypted PEM version (not recommended) of this RSA private key via:

    $ openssl rsa -in server.key -out server.key.unsecure

3. Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):

    $ openssl req -new -key server.key -out server.csr

   Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR via the command:

    $ openssl req -noout -text -in server.csr

4. You now have to send this Certificate Signing Request (CSR) to a Certifying Authority (CA) for signing. The result is then a real Certificate which can be used for Apache. Here you have two options: First, you can have the CSR signed by a commercial CA like Verisign or Thawte. Then you usually have to post the CSR into a web form, pay for the signing and await the signed Certificate, which you can then store in a server.crt file. For more information about commercial CAs have a look at the following locations:

    Verisign
        http://digitalid.verisign.com/server/apacheNotice.htm
    Thawte Consulting
        http://www.thawte.com/certs/server/request.html
    CertiSign Certificadora Digital Ltda.
        http://www.certisign.com.br
    IKS GmbH
        http://www.iks-jena.de/produkte/ca/
    Uptime Commerce Ltd.
        http://www.uptimecommerce.com
    BelSign NV/SA
        http://www.belsign.be

   Second, you can use your own CA and now have to sign the CSR yourself by this CA. Read the next answer in this FAQ on how to sign a CSR with your CA yourself. You can see the details of the received Certificate via the command:

    $ openssl x509 -noout -text -in server.crt

5. Now you have two files: server.key and server.crt. These can now be used as follows inside your Apache's httpd.conf file:

    SSLCertificateFile    /path/to/this/server.crt
    SSLCertificateKeyFile /path/to/this/server.key

   The server.csr file is no longer needed.

Good luck with your work,
Umut Gokbayrak
http://www.trlinux.com

>===== Original Message From Bulent KAYPAK <kaypak@itu.edu.tr> =====
>Hello....
>What is the difference between Apache_ssl and mod_ssl? If anyone has installed
>and used them, could they reply? I am going to install something like this on
>the server, but I have not yet decided what to install and how. How does their
>security compare with the licensed ones?
>
>Thanks
>
> To unsubscribe from the list, send the message
> unsub linux
> to listeci@bilkent.edu.tr.
> Please do not use MIME / HTML / Turkish accented characters for Listeci.
> Listeci interface: http://listweb.bilkent.edu.tr/yardim/bilkent/linux.html
> List archive address: http://listweb.bilkent.edu.tr/
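
Added example, not part of the original message or of the mod_ssl FAQ it quotes: before pointing SSLCertificateFile and SSLCertificateKeyFile at the files from step 5, it is worth confirming that server.key, server.csr and server.crt all carry the same RSA public key. The function names (modulus_of, same_public_key, make_set) are hypothetical, and the sample files are constructed: a throwaway unencrypted 2048-bit key and a self-signed certificate standing in for the one a CA would return.

```shell
#!/bin/sh
# Added example (not from the original message): confirm that server.key,
# server.csr and server.crt all carry the same RSA public key.

# Print the "Modulus=..." line of a key (rsa), CSR (req) or certificate (x509).
# An encrypted key makes openssl ask for its pass-phrase on the terminal.
modulus_of() {
    case "$1" in
        rsa)  openssl rsa  -noout -modulus -in "$2" ;;
        req)  openssl req  -noout -modulus -in "$2" ;;
        x509) openssl x509 -noout -modulus -in "$2" ;;
        *)    return 2 ;;
    esac
}

# same_public_key KEY CSR CRT: exit 0 only if all three moduli are identical.
same_public_key() {
    k=$(modulus_of rsa  "$1") || return 2
    r=$(modulus_of req  "$2") || return 2
    c=$(modulus_of x509 "$3") || return 2
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample data: a throwaway, unencrypted key, a CSR for the
# placeholder name www.foo.dom, and a self-signed certificate standing in
# for the one a CA would return. make_set DIR writes the three files there.
make_set() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=www.foo.dom" \
        -out "$1/server.csr" &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 1 -out "$1/server.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/a" "$d/b" && make_set "$d/a" && make_set "$d/b" || return 1
    same_public_key "$d/a/server.key" "$d/a/server.csr" "$d/a/server.crt" \
        && echo "set a: key, CSR and certificate match"
    # Key from set b against the certificate from set a: must be rejected.
    same_public_key "$d/b/server.key" "$d/a/server.csr" "$d/a/server.crt" \
        || echo "mixed files: mismatch detected"
    rm -rf "$d"
}
demo
```

A non-zero result from same_public_key on the real files means the certificate was issued for a different key than the one Apache is about to load.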