symmetric or asymmetric ?

Hello !

I am one of many mod-ssl beginners, and I have two questions.


1. The modssl web site refers to the SSL cryptography algorithm
as being conventional, or symmetric. But mod-ssl uses public
and private keys, which are known as parts of asymmetric
cryptography. Any explanation ?

2. I copied a mod-ssl-enhanced apache-2.0.48 installation to
another machine, replaced the certificate file ( server.crt )
with another certificate ( but same file name ), and made
some small changes in httpd.conf and ssl.conf. Of course,
this did not work. Is there any way that I can generate a
new private key ( server.key file ) according to the
public key in the new certificate file ? Or should I remove
everything and install again, the proper way ?


Regards

Anders



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: symmetric or asymmetric ?

> 1. The modssl web site refers to the SSL cryptography algorithm
> as being conventional, or symmetric. But mod-ssl uses public
> and private keys, which are known as parts of asymmetric
> cryptography. Any explanation ?

Asymmetric cryptography is used to agree and exchange keys for symmetric
cryptography (much faster)

> 2. I copied a mod-ssl-enhanced apache-2.0.48 installation to
> another machine, replaced the certificate file ( server.crt )
> with another certificate ( but same file name ), and made
> some small changes in httpd.conf and ssl.conf. Of course,
> this did not work. Is there any way that I can generate a
> new private key ( server.key file ) according to the
> public key in the new certificate file ? Or should I remove
> everything and install again, the proper way ?

"it did not work" does not tell us much :) Which errors did you get?
What did you change? What is the current conf?

Since you are just starting with mod_ssl, I suggest reinstalling from
scratch rather than trying to figure out what may be going wrong.
You can find detailed information on how SSL works (symm/asymm.,
certificates, etc.) and how to get Apache 2 + mod_ssl working on a chapter I
have online at

http://www.apacheworld.org/ty24/site.chapter17.html


Cheers

Daniel

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: symmetric or asymmetric ?

On Fri, Feb 06, 2004 at 06:09:45PM +0100, Ringaby Anders wrote:
>
>
> Hello !
>
> I am one of many mod-ssl beginners, and I have two questions.
>
>
> 1. The modssl web site refers to the SSL cryptography algorithm
> as being conventional, or symmetric. But mod-ssl uses public
> and private keys, which are known as parts of asymmetric
> cryptography. Any explanation ?
>
mod_ssl uses both - if you want the details, read:
http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html

> 2. I copied a mod-ssl-enhanced apache-2.0.48 installation to
> another machine, replaced the certificate file ( server.crt )
> with another certificate ( but same file name ), and made
> some small changes in httpd.conf and ssl.conf. Of course,
> this did not work. Is there any way that I can generate a
> new private key ( server.key file ) according to the
> public key in the new certificate file ? Or should I remove
> everything and install again, the proper way ?
>
There's nothing that should keep the keys from working on different
machines, so chances are that it is either the installation or the
configuration that failed.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

variable lookup failed for /opt/apache-2.0.48/conf::private_key

Hello !

Can anyone help me with this one ?


When the sign.sh script runs the following command:

openssl ca -config /opt/apache-2.0.48/conf/ca.config -out $CERT -infiles $CSR


Then I get this error message:

variable lookup failed for /opt/apache-2.0.48/conf::private_key


The private key file is there, and everything, but still ....

Any changes I try to make to the config files ca.config or openssl.cnf
does not make things any better, and no crt-file is created.

What am I doing wrong ?


Regards

Anders



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org