Snort mailing list archives

Re: certificate verify error


From: Erick Mechler <emechler () techometer net>
Date: Wed, 9 Apr 2003 12:09:19 -0700

:: I think I am just going to start again with these certificates and
:: create some more...
:: 
:: So, If I can just verify what I need to do:
:: 
:: /usr/bin/openssl genrsa -out ssl.key 1024
:: 
:: to generate a private key, and then:
:: 
:: /usr/bin/openssl req -new -x509 -days 365 -key ssl.key -out ssl.cert
:: 
:: to generate a certificate using the key.

You can do this all on one line (i.e., generate a self-signed certificate) by
just doing this:

  openssl req -x509 -new -days 365 -outform PEM -nodes -out cert.pem

If you want to have your certificate encrypted (such that you need a
password to start up Apache with -DSSL) then remove the -nodes option.
This will put your certificate into cert.pem, and your private key into
privkey.pem.

:: and then where is the best place to put ssl.key and ssl.cert?
:: (my apache httpd.conf is in /etc/httpd/conf/)

Your certificate file should go into /etc/httpd/conf/ssl.crt/server.pem,
and the key should go into /etc/httpd/conf/ssl.key/server.key.  The ssl.crt
directory should be perms 755, and the ssl.key directory should be 700.  
When in doubt, just follow the examples in the sample httpd.conf.

:: Do I also need to generate another file from these two for the
:: SSLCACertificateFile ? 

This is entirely optional.  You really only need this if you want to do
client-side certificate authorization, which it doesn't sound like you're doing.

Cheers - Erick
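
An added example, not part of the original message: a POSIX shell check of the layout described in the reply above (ssl.crt at 755, ssl.key at 700, server.pem and server.key in place) that also reports when the key was written without a passphrase, as happens with -nodes. The function names are hypothetical, and the key-file test (no group/other permission bits) is an assumption that goes beyond the directory modes given in the message.

```shell
#!/bin/sh
# Added example: audit the Apache SSL file layout from the reply.
# Paths and directory modes come from the message; function names are hypothetical.

# mode_of PATH -> first 10 characters of the ls -l mode string (e.g. drwx------)
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# key_is_encrypted FILE -> 0 if the PEM private key is passphrase-protected
# (traditional PEM "Proc-Type" header, or PKCS#8 "ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# audit_ssl_layout CONFDIR -> prints findings, returns the number of problems
audit_ssl_layout() {
    conf=$1; problems=0
    crt_dir=$conf/ssl.crt; key_dir=$conf/ssl.key; key=$key_dir/server.key
    [ "$(mode_of "$crt_dir")" = "drwxr-xr-x" ] ||
        { echo "FAIL $crt_dir: expected mode 755"; problems=$((problems + 1)); }
    [ "$(mode_of "$key_dir")" = "drwx------" ] ||
        { echo "FAIL $key_dir: expected mode 700"; problems=$((problems + 1)); }
    [ -f "$crt_dir/server.pem" ] ||
        { echo "FAIL $crt_dir/server.pem: missing"; problems=$((problems + 1)); }
    if [ ! -f "$key" ]; then
        echo "FAIL $key: missing"; problems=$((problems + 1))
    else
        # Assumption: the key file itself should carry no group/other bits.
        case $(mode_of "$key") in
            -???------) ;;
            *) echo "FAIL $key: accessible beyond owner"
               problems=$((problems + 1)) ;;
        esac
        # A key made with -nodes is stored in the clear, so the file and
        # directory modes above are its only protection on disk.
        key_is_encrypted "$key" || echo "NOTE $key: no passphrase (-nodes)"
    fi
    return "$problems"
}
```

Run it as `audit_ssl_layout /etc/httpd/conf`; a non-zero return value is the count of FAIL lines.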

