[4004] in WWW Security List Archive
Re: Certificates with SSLeay -- Please Help !
daemon@ATHENA.MIT.EDU (Lars Eilebrecht)
Fri Jan 17 06:49:49 1997
From: Lars Eilebrecht <sfx@unix-ag.uni-siegen.de>
To: www-security@ns2.rutgers.edu
Date: Fri, 17 Jan 1997 10:34:55 +0100 (MET)
In-Reply-To: <199701160312.WAA19207@cliff.cris.com> from "PAVO" at Jan 15, 97 10:11:49 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Paul Wojcicki wrote:
> I am a high school student trying to set up my own server. I just got
> SSLeay and configured my own CA. I am having trouble signing the
> certificate for the site.
What kind of trouble?
> I cannot find any documentation on setting up the
> INDEX and SERIAL files, and these may be at the root of the problem. I
> included my config file. If anyone is willing to help me with this, I will
> be very grateful.
If you don't want a specific serial number, don't care about its setting.
If you want to restart from number 0 simply delete the serial file (IMHO).
[...]
This is the important part for your request and the resulting certificate:
> [ req ]
> default_bits = 1024
> default_keyfile = privkey.pem
> distinguished_name = req_distinguished_name
>
> [ req_distinguished_name ]
> countryName = Country Name (2 letter code)
Use something like "US" or "DE" for the countryName.
> countryName_min = 2
> countryName_max = 2
> stateOrProvinceName = State or Province Name (full name)
> localityName = Locality Name (eg, city)
> organizationName = Organization Name (eg, company)
> organizationalUnitName = Organizational Unit Name (eg, section)
Add your default text for the previous four options.
> commonName = Common Name (the name of your machine)
The 'commonName' is an important value. It _must_ reflect the exact fully
qualified domain name of your machine,
e.g. "commonName = www.sub.domain.com"
> commonName_max = 64
> emailAddress = Email Address
> emailAddress_max = 40
The entered values are only the default values, you can change them on
every CA request.
To generate a certificate request use the CA.sh script from SSLeay.
Type "CA.sh -req" and with "CA.sh -sign" you can sign the request.
The webserver (eg SSL-Apache) needs the private key (of the server) and
the signed server certificate.
You can put them both in one file (in the default pem format) and set
the appropriate server options.
HTH.
ciao...
--
Lars Eilebrecht
sfx@cyberspace.org
sfx@unix-ag.uni-siegen.de
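
The request-and-sign procedure from the message above, as an added example that is not part of the original message or of SSLeay: it uses the `openssl` command line (SSLeay's successor) instead of CA.sh and creates the INDEX and SERIAL files the question asked about. The directory layout, section names, subject values and the 2048-bit key size are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original message). Uses OpenSSL, the successor
# to SSLeay; every path, name and the 2048-bit key size is an assumption.
set -eu

make_demo_ca() {    # usage: make_demo_ca <empty-dir> <server-fqdn>
    dir=$1; fqdn=$2
    mkdir -p "$dir/newcerts"
    : > "$dir/index.txt"       # INDEX: starts as an empty text database
    echo 01 > "$dir/serial"    # SERIAL: next serial number to issue, in hex
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/cakey.pem
default_md = sha256
default_days = 30
policy = demo_policy
[ demo_policy ]
countryName = optional
organizationName = optional
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name (the name of your machine)
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed CA certificate. Keys are left unencrypted for the demo only.
    openssl req -config "$dir/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=US/O=Demo CA/CN=Demo Root CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem"
    # Server key and request: commonName carries the server's FQDN.
    openssl req -config "$dir/ca.cnf" -new -newkey rsa:2048 -nodes \
        -subj "/C=US/O=Demo Site/CN=$fqdn" \
        -keyout "$dir/server.key" -out "$dir/server.csr"
    # Sign the request; this appends to index.txt and increments serial.
    openssl ca -batch -config "$dir/ca.cnf" -notext \
        -in "$dir/server.csr" -out "$dir/server.crt"
    # Private key and signed certificate in one PEM file, owner-readable only.
    (umask 077; cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem")
}

if [ "${1:-}" = "demo" ]; then make_demo_ca "$(mktemp -d)" www.sub.domain.com; fi
```

After one signing, `serial` holds `02` and `index.txt` has a single `V` (valid) entry for the issued certificate.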