misc
Tux's lil' helper
Joined: 09 Sep 2003
Posts: 109
|
 Posted: Wed May 12, 2004 8:47 am Post subject: apache2 bs |
 |
|
Hi, I'm having a problem with apache and ssl. I want to make it so that only people who have a certificate can access the website that I'm hosting. I have signed this certificate myself. This is what I did to create the certificate:
First the private key:
| Code: |
openssl genrsa -des3 -out server.key 1024
|
I dont want it asking me for a pass phrase when i start apache, so:
| Code: |
openssl rsa -in server.key -out server.pem
|
So now server.pem is my private key.
Now it's time to create the CSR:
| Code: |
openssl req -new -key server.pem -out server.csr
|
And now I can sign it:
| Code: |
openssl x509 -req -days 60 -in server.csr -signkey server.pem -out server.crt
|
Now conver the key to pfx so netscape can read it (dont think this is safe)
| Code: |
openssl pkcs12 -export -out cacert.p12 -in server.crt -inkey server.pem
|
And thats it!
Now I actually import it into netscape, blah blah, restart apache, all fine. I go to a page though and netscape returns the error:
"<Hostname> has recieved an incorrect or unexpected message: Error code -12227"
My apache config is untouched, except for this in 41_mod_ssl.default-vhost.conf:
SSLVerifyClient require
I really dont know what the hell is going on. Amazingly, it use to work. Then i stuffed around with the keys and now it doesn't work. It also always brings up that box saying "this is an insecure site, blah blah blah". It never use to say that either. I've tried IE and with IE it just says that the page cannot be displayed.
Error log doesn't have much info. Any ideas? My certificate is probably generated wrongly or something, I'm not sure. I've spent too many hours on it.[/code] |
|
Networking & Security
