Re: https

Well, "a while" turned out to be one day. Stuck again.

I found a web page that had some info on it. It shows a command (openssl req) to create a privately signed SSL key. Unfortunately, it doesn't explain that command, but 'man req 1' has more information such as what '-x509' does for me (this has got to be one of the greatest parameter keywords of all time). However, the example includes this on the openssl command line:

    -subj /O=VirtualH/OU=Virtual/CN=127.0.0.1

The man req 1 page says this consists of a subject line with sub-options /O as "VirtualH", /OH as "Virtual", and "CN" as "127.0.0.1", and no blanks. But I can find nothing, NOTHING, that explains what the suboptions of the -subj parameter are. What is O? What is OU? What is CN? Is 'VirtualH' a name for the virtual host? Where is that documented, does anyone know?

I'd like to get the company name into that certificate somewhere, but don't yet see how.

Thank you.


Thank you very much Yehuda. I think I am launched and can follow on for a while by myself.




On Thu, Apr 3, 2014 at 6:10 AM, Andy Canfield <andycanfield@xxxxxxxxxx> wrote:

Files:
-rw-r--r-- 1 root 859 Apr  3 11:45 /etc/apache2/ssl/crt/vhost1.crt
-rw-r--r-- 1 root 916 Apr  3 11:45 /etc/apache2/ssl/key/vhost1.key
So AFAIK I've got a certificate I've generated myself. Nobody vouches for me but it should enable encryption and make my TCP/IP packets hard to read.

Contents of /etc/apache2/ports.conf:
NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Files:

-rw-r--r-- 1 andy 1439 Apr  3 14:48 /etc/apache2/sites-available/default
-rw-r--r-- 1 andy 7485 Jun 16  2011 /etc/apache2/sites-available/default-ssl
-rw-r--r-- 1 root 7469 Feb  7  2012 /etc/apache2/sites-available/default-ssl.original
-rw-r--r-- 1 root  950 Feb  7  2012 /etc/apache2/sites-available/default.original


I see here that /etc/apache2/sites-available has one symbolic link to /etc/apache2/sites-available/default, and no symbolic links to any of the other entries in the sites-available directory. Also all the other entries in /etc/apache2/sites-available are symbolic links to configuration files such as

lrwxrwxrwx 1 root 21 May  6  2012 /etc/apache2/sites-enabled/opal.conf -> /www/opal/apache.conf
These links have been working fine for years as links into the site control directory and not into 'sites-available'. But perhaps that is wrong.

Maybe what I need is a symbolic link from sites-enabled to ../sites-available/default-ssl ? Nope, tested, did not solve the problem....

When I give this command (as root) -
    /etc/init.d/apache2 restart
I see only this output:

apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.112 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.112 for ServerName
                                                                            [ OK ]

But nmap still says that nothing is listening to port 443.

Thank you Oren.


On 04/03/2014 04:04 PM, Oren wrote:
Hi Andy.
The process basically includes getting/creating a certificate, defining it on your site and reloading apache.
Here is a CentOS manual, which is not exactly the same on Ubuntu but pretty much explains the order of things:
http://wiki.centos.org/HowTos/Https

On Ubuntu you will have to open the 443 port:
<IfModule mod_ssl.c>
    Listen 443
</IfModule>

Once the https is ready, you can do a redirect to the https site from http (with mod_rewrite).

Do you have logs or any information on what is not working?

Oren

On 04/03/2014 11:39 AM, Andy Canfield wrote:
I have been using apache for maybe ten years now, and maintain two
servers in addition to the apache on my notebook computer for testing.
All using Ubuntu Linux *.04 LTS. It now appears that I ought to convert
from http to https.

But the documentation is insane. A piece here, a piece there, have to do
X (but first? and afterwards?). Assuming everything else is OK, this
is the way you edit this line in VirtualHost file (there is no
"/etc/apache2/.../VirtualHost" file!)

I figure that I need to do it in two steps:
[1] Get the https version up and running, and
[2] Make the http version automatically switch to https.

But I can't get https working at all, for anything. There's a "Listen
443" in /etc/apache2/ports.conf but 'nmap localhost' says 443 is a
closed port.

Has anybody else ever converted a hosted site from http to https? What
did you have to do to get the secure one working?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
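
For the -subj question in the top message of this thread, an added example (not part of any poster's message, and not from the web page mentioned there): O is the X.509 organizationName, OU the organizationalUnitName and CN the commonName, so the company name goes in /O=. The organization, unit and temporary directory below are constructed values, and values containing "/" are assumed not to occur.

```shell
#!/bin/sh
# Added example: self-signed certificate whose subject carries a company name.
# All names and values here are constructed for illustration.

# make_selfsigned DIR ORG UNIT CN
#   O  = organizationName        (the company name)
#   OU = organizationalUnitName  (department or team)
#   CN = commonName              (host name or IP that clients connect to)
make_selfsigned() {
    dir=$1 org=$2 unit=$3 cn=$4
    (
        # Keep the private key owner-only; the listing in the thread shows
        # vhost1.key as -rw-r--r--, i.e. readable by every local user.
        umask 077
        openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/O=$org/OU=$unit/CN=$cn" \
            -keyout "$dir/vhost1.key" -out "$dir/vhost1.crt" 2>/dev/null
    )
}

# show_subject CERT: print the subject in RFC 2253 form, which is stable
# across OpenSSL versions (most specific attribute first).
show_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# key_mode FILE: permission string of the key file, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" "Example Co" "Web" "127.0.0.1"
show_subject "$demo_dir/vhost1.crt"
key_mode "$demo_dir/vhost1.key"
rm -rf "$demo_dir"
```
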

