Re: RE: Suspicious URL:Re: [users@httpd] Problems in setting up a "HTTPS" based WebDAV server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks a ton, Daniel.

I think, you are the first one to hit the nail on the head :-)
Thanks again; I am obliged.

Daniel, it seems that for generating certificates "class 2" identification is required (http://www.startssl.com/?app=34)

Anyhow, since currently I am just in the development/testing phase, so what I just need is the feature working.

Sorry if I may sound a bit too demanding, but I will be really grateful if you could let me now the appropriate commands to generate appropriate "SSLCertificateKeyFile" and "SSLCertificateFile", which will get the "connection to HTTPS WebDAV" server working (just about working locally). For production-based deployment, certificates can be generated on an official basis by my organisation.


Thanks and Regards,
Ajay

On Sat, Mar 24, 2012 at 6:50 PM, Daniel Ruggeri <DRuggeri@xxxxxxxxxxx> wrote:
On 3/23/2012 11:47 PM, Ajay Garg wrote:
> I used the following command to generate the ".key" and ".crt" ::
>
> ################################################################################################################
> openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout
> ssl.key -out ssl.crt
> ################################################################################################################
>
>
> I will be grateful, if you could let me know the required command(s)
> to generate the "RSA Server Certificate", and the ".key" :-)

You already have both (ssl.key is your private key and ssl.crt is your
certificate file). The key becomes SSLCertificateKeyFile and the cert
becomes SSLCertificateFile in your httpd.conf. Since you generated both
at the same time, they are sure to match.

It's important to note that you now have what is called a self-signed
cert (its identity is only vouched for by itself) and practically every
client on the Internet will warn or refuse to connect to your server.
It's up to you to decide if that is a problem or not - if this is
something you will only use privately, it's probably OK.

To get past this, you need to generate a certificate signing request and
send it to a reputable CA for signing. I believe
http://www.startssl.com/ offers this service for free, but there a few
other free ones out there.

openssl req -out ssl.csr -key ssl.key -new

(This generates ssl.csr which you can safely email to be signed)

--
Daniel Ruggeri


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux