Quickie on Certrificate Requests (combined with virtual hosts)...

Quickie on Certrificate Requests (combined with virtual hosts)...

am 01.07.2002 21:16:46 von Sean M Alderman

Greetings all,
I'm hoping someone on the list might have some experience with
multiple IP based virtual hosts and generating CSRs for ssl certs for
each host. Something has me thinking that if I run the commans from the
mod_ssl faq, I'll get several CSRs for the same host (either local or
the main hostname). That shouldn't be, certs are hostname specific
right? Anyway, if anyone would be so kind as to pass me a clue.

Thanks.
--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Quickie on Certrificate Requests (combined with virtual hosts)...

am 01.07.2002 21:18:10 von Cliff Woolley

On 1 Jul 2002, Sean M Alderman wrote:

> I'm hoping someone on the list might have some experience with
> multiple IP based virtual hosts and generating CSRs for ssl certs for
> each host. Something has me thinking that if I run the commans from the
> mod_ssl faq, I'll get several CSRs for the same host (either local or
> the main hostname). That shouldn't be, certs are hostname specific
> right? Anyway, if anyone would be so kind as to pass me a clue.

The commands in the FAQ should be okay. When you run openssl and ask it
to generate a CSR, it will prompt you for various things, one of which is
"Common Name (CN)" -- enter the hostname with which the certificate should
be associated there, and that's all you should have to do.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Quickie on Certrificate Requests (combined with virtual

am 01.07.2002 22:05:43 von Sean M Alderman

Cool, thanks!... So I've done that, I needed to use the make certificate
instead of the openssh commands because of the lack of a /dev/random on
Solaris 8 (I don't know why make is able to do make it happen when I
can't). Anyway, each time I run it it generates a new server.key file,
I need to keep each of these right?...perhaps name them based on the
virtual host each are for?

On Mon, 2002-07-01 at 15:18, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
>
> > I'm hoping someone on the list might have some experience with
> > multiple IP based virtual hosts and generating CSRs for ssl certs for
> > each host. Something has me thinking that if I run the commans from the
> > mod_ssl faq, I'll get several CSRs for the same host (either local or
> > the main hostname). That shouldn't be, certs are hostname specific
> > right? Anyway, if anyone would be so kind as to pass me a clue.
>
> The commands in the FAQ should be okay. When you run openssl and ask it
> to generate a CSR, it will prompt you for various things, one of which is
> "Common Name (CN)" -- enter the hostname with which the certificate should
> be associated there, and that's all you should have to do.
>
> --Cliff
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Quickie on Certrificate Requests (combined with

am 01.07.2002 22:24:28 von Jeff Landers

If you wish to fix Solaris 8 to use /dev/random use the following Sun patch available thru Sunsolve

dev random patch number 112438-01

>>> sean.m.alderman@grc.nasa.gov 07/01/02 01:05PM >>>
Cool, thanks!... So I've done that, I needed to use the make certificate
instead of the openssh commands because of the lack of a /dev/random on
Solaris 8 (I don't know why make is able to do make it happen when I
can't). Anyway, each time I run it it generates a new server.key file,
I need to keep each of these right?...perhaps name them based on the
virtual host each are for?

On Mon, 2002-07-01 at 15:18, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
>
> > I'm hoping someone on the list might have some experience with
> > multiple IP based virtual hosts and generating CSRs for ssl certs for
> > each host. Something has me thinking that if I run the commans from the
> > mod_ssl faq, I'll get several CSRs for the same host (either local or
> > the main hostname). That shouldn't be, certs are hostname specific
> > right? Anyway, if anyone would be so kind as to pass me a clue.
>
> The commands in the FAQ should be okay. When you run openssl and ask it
> to generate a CSR, it will prompt you for various things, one of which is
> "Common Name (CN)" -- enter the hostname with which the certificate should
> be associated there, and that's all you should have to do.
>
> --Cliff
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Quickie on Certrificate Requests (combined with virtual hosts)...

am 01.07.2002 22:30:09 von Cliff Woolley

On 1 Jul 2002, Sean M Alderman wrote:

> Cool, thanks!... So I've done that, I needed to use the make certificate
> instead of the openssh commands because of the lack of a /dev/random on
> Solaris 8 (I don't know why make is able to do make it happen when I
> can't). Anyway, each time I run it it generates a new server.key file,
> I need to keep each of these right?...perhaps name them based on the
> virtual host each are for?

Yes, exactly right.

Dunno why the make certificate thing works when the openssl commands
directly don't -- probably just some configuration issues.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Quickie on Certrificate Requests (combined with virtual

am 02.07.2002 15:01:55 von Sean M Alderman

Thanks guys. I saw the Sun patch, but unfortunately I'm just the
webmaster on this machine, not the Admin, so there's not a lot I can do
about that except ask him to put it on. Anyway, I just shipped off my
CSRs. Thanks for the Help!

On Mon, 2002-07-01 at 16:30, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
>
> > Cool, thanks!... So I've done that, I needed to use the make certificate
> > instead of the openssh commands because of the lack of a /dev/random on
> > Solaris 8 (I don't know why make is able to do make it happen when I
> > can't). Anyway, each time I run it it generates a new server.key file,
> > I need to keep each of these right?...perhaps name them based on the
> > virtual host each are for?
>
> Yes, exactly right.
>
> Dunno why the make certificate thing works when the openssl commands
> directly don't -- probably just some configuration issues.
>
> --Cliff
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org