Topic: Certificate creation problem Apache 2.2.6 ASF
SabinF



Joined: 03 May 2006
Posts: 37
Location: Timisoara (Romania)

Posted: Thu 11 Oct '07 14:14    Post subject: Certificate creation problem Apache 2.2.6 ASF

Can anyone help me? I use the ASF distribution of Apache 2.2.6 with OpenSSL and I can't create a certificate. Even though I have set the environment variable OPENSSL_CONF, it says that openssl.exe can't find the file, although it's there.

I use the following script:

Quote:
@echo off
title Certificate Generator

set OPENSSL_CONF="C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf"
set OPENSSL_EXE="C:\Program Files\Apache Software Foundation\Apache2.2\bin\openssl.exe"

cd /d "C:\Program Files\Apache Software Foundation\Apache2.2\conf"
%OPENSSL_EXE% genrsa -des3 -out server.key 4096
%OPENSSL_EXE% req -new -key server.key -out server.csr
%OPENSSL_EXE% x509 -req -days 1460 -in server.csr -signkey server.key -out server.crt
del server.csr
del C:\.rnd
pause


I hope it will be useful to other people too.
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

Posted: Fri 12 Oct '07 15:52

A couple of problems:
    OpenSSL on Windows does not always use the OPENSSL_CONF env var.
    You could add the switch -config %OPENSSL_CONF% to the req command.

    Apache does not support prompting for your key password via SSLPassPhraseDialog builtin on Windows.
    It is common not to use a password for the key file on Windows. Replace -des3 with -nodes for no key password.
    You must be sure to protect your server.key file from unauthorized access when you don't have a key password.

You can create a test certificate using a single command, executed in the Apache \bin directory:
Code:
openssl.exe  req  -new  -newkey rsa:4096  -x509  -nodes  -config ..\conf\openssl.cnf  -days 1460  -out ..\conf\server.crt  -keyout ..\conf\server.key  -extensions v3_req
Note that this is a single long command, even though it wraps in the Code: box above.

This will prompt for various fields (Country, State, Locality, email, etc.). The only critical response is to the prompt: "Common Name (eg, YOUR name) []:"
You must enter your ServerName exactly as you will use it in a https://ServerName/ URL. It should also match the ServerName directive in your httpd.conf file.

Hope this helps,

-tom-
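
The points from the reply above (an explicit -config switch, an unencrypted key that has to be protected by file permissions, and a Common Name equal to ServerName) combined into one batch file, as an added example that is not part of the original thread. It assumes a Windows version that ships icacls and an Apache service running under the LocalSystem account; www.example.com is a placeholder ServerName, and -subj is used in place of the interactive prompts.

```batch
@echo off
rem Added example, not from the original thread. Run it from the Apache \bin directory.
setlocal

rem Placeholder: set this to the ServerName directive in httpd.conf.
rem The set "NAME=value" form keeps the quote characters out of the value itself.
set "SERVER_NAME=www.example.com"
set "CONF_DIR=..\conf"

rem Pass the config file explicitly instead of relying on OPENSSL_CONF.
rem -nodes leaves server.key unencrypted, so Apache can start without a passphrase prompt.
openssl.exe req -new -newkey rsa:4096 -x509 -nodes ^
  -config "%CONF_DIR%\openssl.cnf" -days 1460 ^
  -out "%CONF_DIR%\server.crt" -keyout "%CONF_DIR%\server.key" ^
  -extensions v3_req -subj "/CN=%SERVER_NAME%"
if errorlevel 1 (
  echo Certificate generation failed.
  exit /b 1
)

rem With no key password, the file ACL is the only protection for the private key.
rem Remove inherited permissions, then grant access only to:
rem   S-1-5-18     LocalSystem    read (assumed service account for Apache)
rem   S-1-5-32-544 Administrators full control
rem SIDs are used so the command also works on non-English Windows installations.
icacls "%CONF_DIR%\server.key" /inheritance:r /grant:r *S-1-5-18:R *S-1-5-32-544:F
if errorlevel 1 (
  echo Could not restrict permissions on server.key.
  exit /b 1
)

rem Check that the certificate subject carries the expected Common Name.
rem -nameopt RFC2253 prints the subject as CN=name without extra spaces.
openssl.exe x509 -noout -subject -nameopt RFC2253 -in "%CONF_DIR%\server.crt" ^
  | findstr /i /l /c:"CN=%SERVER_NAME%" >nul
if errorlevel 1 (
  echo Common Name in server.crt does not match %SERVER_NAME%.
  exit /b 1
)

rem Print the resulting ACL so it can be reviewed.
icacls "%CONF_DIR%\server.key"
echo server.crt and server.key created for %SERVER_NAME%.
endlocal
```

If the Apache service runs under a dedicated account instead of LocalSystem, grant read access to that account in the icacls line.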