Snort mailing list archives
Re: certificate verify error
From: Erick Mechler <emechler () techometer net>
Date: Wed, 9 Apr 2003 12:09:19 -0700
:: I think I am just going to start again with these certificates and :: create some more... :: :: So, If I can just verify what I need to do: :: :: /usr/bin/openssl genrsa -out ssl.key 1024 :: :: to generate a private key, and then: :: :: /usr/bin/openssl req -new -x509 -days 365 -key ssl.key -out ssl.cert :: :: to generate a certificate using the key. You can do this all on one line (ie, generate a self-signed certificate) by just doing this: openssl req -x509 -new -days 365 -outform PEM -nodes -out cert.pem If you want to have your certificate encrypted (such that you need a password to startup Apache with -DSSL) then remove the -nodes option. This will put your certificate into cert.pem, and your private key into privkey.pem. :: and then where is the best place to put ssl.key and ssl.cert? :: (my apache httpd.conf is in /etc/httpd/conf/) Your certificate file should go into /etc/httpd/conf/ssl.crt/server.pem, and the key should go into /etc/httpd/conf/ssl.key/server.key. The ssl.crt directory should be perms 755, and the ssl.key directory should be 700. When in doubt, jut follow the examples in the sample httpd.conf. :: Do I also need to generate another file from these two for the :: SSLCACertificateFile ? This is entirely optional. You really only need this if you want to client side certificate authorization, which it doesn't sound like you're doing. Cheers - Erick ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- certificate verify error Jill Tovey (Apr 08)
- Re: certificate verify error Erick Mechler (Apr 08)
- Re: certificate verify error Jill Tovey (Apr 08)
- Re: certificate verify error Erick Mechler (Apr 08)
- Re: certificate verify error Jill Tovey (Apr 09)
- Re: certificate verify error Erick Mechler (Apr 09)
- Re: certificate verify error Jill Tovey (Apr 08)
- Re: certificate verify error Erick Mechler (Apr 08)
- Re: certificate verify error Jill Tovey (Apr 08)