[TriLUG] Creating self-signed SSL certificates for apache

Craig Duncan craigduncan at nc.rr.com
Fri Nov 2 22:22:32 EST 2001


Ok, I can resolve in netscape 6.1 and I am presented with an unknown
certificate. IE simply displays an error - unsure why at this time.

-----Original Message-----
From: trilug-admin at trilug.org [mailto:trilug-admin at trilug.org]On Behalf
Of Errol Casey
Sent: Friday, November 02, 2001 9:46 PM
To: trilug at trilug.org
Subject: Re: [TriLUG] Creating self-signed SSL certificates for apache


Hmmm. I've checked the forwarding on my linksys box and it is forwarding
443 to the correct host behind the firewall.

On the linux box; the https daemon is running, see stats below.

I have been able to access my site on a solaris box from Nortel -> my home
box; so I'm not sure what is causing my issue with not being able to
connect. Tonight from a windows machine (behind the firewall), Netscape gets
an message saying an error occured with the security module and then aborts
connecting to the site...hmmmmm

Are you trying from a windows or linux box? Which browser...
wonder what else I should check on my end; I cannot think of anything
that has changed except the certificates.

I do use the cname alias amr.boo-bear.com which resolves to
amr.homeip.net; maybe I should use amr.homeip.net  as hostname on
linux box? I'll try this and reboot tonight.


[errol at amr .everybuddy]$ netstat -a | grep https
tcp        0      0 *:https                 *:*                     LISTEN
[errol at amr .everybuddy]$ ps -ef | grep http
root      8001     1  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    8002  8001  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    8003  8001  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    8004  8001  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    8005  8001  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    8006  8001  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    8021  8001  0 Oct29 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    6369  8001  0 10:47 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    6370  8001  0 10:47 ?        00:00:00
/usr/local/apache/bin/httpd -DSS
nobody    6371  8001  0 10:47 ?        00:00:00
/usr/local/apache/bin/httpd -DSS

On Fri, Nov 02, 2001 at 08:35:39PM -0500, Craig Duncan wrote:
> Can't reach the site. Are you are behind a firewall or did you take the
> server down?
> If Netscape will accept the certificate, so should IE. If you open up the
> site I can test.
>
>
> -----Original Message-----
> From: trilug-admin at trilug.org [mailto:trilug-admin at trilug.org]On Behalf
> Of Errol Casey
> Sent: Friday, November 02, 2001 7:31 PM
> To: trilug at trilug.org
> Subject: [TriLUG] Creating self-signed SSL certificates for apache
>
>
> I've been trying to create self-signed SSL certificates. I have
> created both the certificates for server and CA; and gone through
> the steps I found on mod_ssl site and elsewhere.
>
> Problem I am having is, that Microsoft IE seems to not accept
> the certificate; where as Netscape and Opera will.
>
> I'm using a dynamic DNS service and don't know if that might
> be part of the problem.
>
> my hostname is amr.homeip.net; I used this in both certificates.
> I also used the same password.
>
> This is for personal use so , I don't want to purchase a certificate
> from verisign, etc. I would like to learn/understand how to do
> it with linux and apache on my box.
>
> https://amr.homeip.net is my home box; if anybody wants to visit
> and see if they can determine any problem with the certificate and/or
> why IE just doesn't accept it at all, and says the web site isn't
> available. I don't run http at all on my box just https.
>
> Thanks for any suggestions.
>
>
>
> --
> Errol Casey
> (GPG Key: Send email with Subject: send gpg )
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug

--
Errol Casey
(GPG Key: Send email with Subject: send gpg )
_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug




More information about the TriLUG mailing list