On Monday 10 September 2001 12:47, will trillich wrote:
> On Mon, Aug 27, 2001 at 09:00:41AM +0800, MunFai wrote:
> > Hi!
> > I am trying to sign my own server.crt file for use with Apache. I am
> > using Debian, with OpenSSL 0.9.6b-1.
> > I seem to be running into a problem when I'm running sign.sh to sign the
> > .csr file. This is what I get:
> >
> > sblabs:/etc/apache/ssl.crt# ./sign.sg server.csr
> > CA signing: server.csr -> server.crt:
> > Using configuration from ca.config
> > Enter PEM pass phrase:
> > Check that the request matches the signature
> > Signature ok
> > The Subjects Distinguished Name is as follows
> > commonName :PRINTABLE:'sblabs'
> > Certificate is to be certified until Aug 20 10:46:44 2002 GMT (365 days)
> > Sign the certificate? [y/n]:y
> > 1 out of 1 certificate requests certified, commit? [y/n]y
> > Write out database with 1 new entries
> > Data Base Updated
> > CA verifying: server.crt <-> CA cert
> > server.crt:/CN=sblabs
> > error 18 at 0 depth lookup:self signed certificate
> > /CN=sblabs
> > error 7 at depth 0 lookup:certificate signature failure
> >
> > Can anyone please help me with this problem? Thanks!
> > And by the way, in the documentation for modssl at their website, it is
> > mentioned that there is a script 'ca.sh' or 'ca.pl' for creating
> > certificates. I've looked through the source but could not find them.
> > Would anyone be kind enough to tell me where to look, or to send me the
> > script? Thanks again.
>
> i'm headed in your direction, about twelve footsteps behind you.
> i bet this'll bite me, too. have you found anything about this?
I actually just did this a few days ago. You need to do the following:
1) generate a key for the domain, which goes in /etc/apache/ssl.key
$ openssl req -new -key www.virtualhost.com.key -out \
www.virtualhost.com.key.csr
2)openssl x509 -req -days 360 -in www.virtualhost.com.csr \
-signkey www.virtualhost.com.key -out www.virtualhost.com.crt
This command wil generate your self signed certificate which goes in
/etc/apache/ssl.crt
Make sure you update your httpd.conf file with
SSLCertificateFile /etc/apache/ssl.crt/www.virtualhost.com.crt
SSLCertificateKeyFile /etc/apache/ssl.key/www.virtualhost.com.key
Good luck!
