getting close with apache2, ssl, solaris 8
getting close with apache2, ssl, solaris 8
am 26.06.2002 23:37:08 von Jeff Landers
I am getting the key values mismatch error which seems like it should be pretty basic in that they don't match just like it says. However, I remade the CA, cert request, and signed it using the CA.sh -newca, CA.sh -newreq, and CA.sh -sign which created the cakey.pem and the newcert.pem. I pointed the Server Private Key directive at the cakey.pem and the Server Certificate directive at the newcert.pem but still get the mismatch error. I searched the archives for this rookie mistake but can't figure out what I am doing wrong. Point me in the right direction, please. Thank you everyone for all of the help in getting this far. Sign me...
Close but no cigar.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: getting close with apache2, ssl, solaris 8
am 27.06.2002 01:00:23 von Peter Viertel
I think your confusion is in using the cakey when in fact you should use
the key that you made the cert request from for the Server Private key
directive....
eg: if you used the following two invocations of openssl....
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
....then however you get a cert from the csr...(use CA.sh or pay a real
CA, or sign.sh) . and the cert gets saved as server.crt
then the Apache conf would be:
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCertificateFile conf/ssl.crt/server.crt
if I'm not making any sense, then see if the Modssl FAQ is better for
you : http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real
Jeff Landers wrote:
>I am getting the key values mismatch error which seems like it should be pretty basic in that they don't match just like it says. However, I remade the CA, cert request, and signed it using the CA.sh -newca, CA.sh -newreq, and CA.sh -sign which created the cakey.pem and the newcert.pem. I pointed the Server Private Key directive at the cakey.pem and the Server Certificate directive at the newcert.pem but still get the mismatch error. I searched the archives for this rookie mistake but can't figure out what I am doing wrong. Point me in the right direction, please. Thank you everyone for all of the help in getting this far. Sign me...
>
>Close but no cigar.
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: getting close with apache2, ssl, solaris 8
am 27.06.2002 01:07:00 von Jeff Landers
That makes sense. I was pointing at the wrong files. Oops. Thank you everyone for helping the newbie get his first apache ssl server running. I will try to be a giver instead of taker.
>>> peter.viertel@itaction.co.uk 06/26/02 04:00PM >>>
I think your confusion is in using the cakey when in fact you should use
the key that you made the cert request from for the Server Private key
directive....
eg: if you used the following two invocations of openssl....
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
....then however you get a cert from the csr...(use CA.sh or pay a real
CA, or sign.sh) . and the cert gets saved as server.crt
then the Apache conf would be:
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCertificateFile conf/ssl.crt/server.crt
if I'm not making any sense, then see if the Modssl FAQ is better for
you : http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real
Jeff Landers wrote:
>I am getting the key values mismatch error which seems like it should be pretty basic in that they don't match just like it says. However, I remade the CA, cert request, and signed it using the CA.sh -newca, CA.sh -newreq, and CA.sh -sign which created the cakey.pem and the newcert.pem. I pointed the Server Private Key directive at the cakey.pem and the Server Certificate directive at the newcert.pem but still get the mismatch error. I searched the archives for this rookie mistake but can't figure out what I am doing wrong. Point me in the right direction, please. Thank you everyone for all of the help in getting this far. Sign me...
>
>Close but no cigar.
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org