Topic: Certificate creation problem Apache 2.2.6 ASF

SabinF
Joined: 03 May 2006 Posts: 37 Location: Timisoara (Romania)
Posted: Thu 11 Oct '07 14:14 Post subject: Certificate creation problem Apache 2.2.6 ASF

Can anyone help me? I use the ASF distribution of Apache 2.2.6 with OpenSSL and I can't create a certificate. Even though I have set the environment variable OPENSSL_CONF, it says that openssl.exe can't find the file, although it's there.
I use the following script:
Quote:
@echo off
title Certificate Generator
set OPENSSL_CONF="C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf"
set OPENSSL_EXE="C:\Program Files\Apache Software Foundation\Apache2.2\bin\openssl.exe"
cd /d "C:\Program Files\Apache Software Foundation\Apache2.2\conf"
%OPENSSL_EXE% genrsa -des3 -out server.key 4096
%OPENSSL_EXE% req -new -key server.key -out server.csr
%OPENSSL_EXE% x509 -req -days 1460 -in server.csr -signkey server.key -out server.crt
del server.csr
del C:\.rnd
pause

I hope it will be useful to other people too.

tdonovan Moderator
Joined: 17 Dec 2005 Posts: 611 Location: Milford, MA, USA
Posted: Fri 12 Oct '07 15:52 Post subject:

A couple of problems:
OpenSSL on Windows does not always use the OPENSSL_CONF env var.
You could add the switch -config %OPENSSL_CONF% to the req command.
Apache does not support prompting for your key password via SSLPassPhraseDialog builtin on Windows.
It is common not to use a password for the key file on Windows. Replace -des3 with -nodes for no key password.
You must be sure to protect your server.key file from unauthorized access when you don't have a key password.
You can create a test certificate using a single command, executed in the Apache \bin directory:
Code:
openssl.exe req -new -newkey rsa:4096 -x509 -nodes -config ..\conf\openssl.cnf -days 1460 -out ..\conf\server.crt -keyout ..\conf\server.key -extensions v3_req
Note that this is a single long command, even though it wraps in the Code: box above.
This will prompt for various fields (Country, State, Locality, email, etc.). The only critical response is to the prompt: "Common Name (eg, YOUR name) []:"
You must enter your ServerName exactly as you will use it in a https://ServerName/ URL. It should also match the ServerName directive in your httpd.conf file.
Hope this helps,
-tom-
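
Added example (not part of the thread and not the posters' code): a PowerShell check for the two points in the reply above, that a server.key without a password needs restrictive file permissions and that the certificate's Common Name must match ServerName. The install path is the one from the first post; Apache running as LocalSystem and the relevant ServerName living in httpd.conf are assumptions.

```powershell
# Added example. Paths assume the default ASF install location shown in the
# first post; adjust them if Apache is installed elsewhere.
$conf      = 'C:\Program Files\Apache Software Foundation\Apache2.2\conf'
$keyPath   = Join-Path $conf 'server.key'
$certPath  = Join-Path $conf 'server.crt'
$httpdConf = Join-Path $conf 'httpd.conf'

# Well-known SIDs, so the script also works on localized Windows:
# S-1-5-18 = LocalSystem (assumed Apache service account), S-1-5-32-544 = Administrators.
$allowed = @('S-1-5-18', 'S-1-5-32-544')

# 1. Drop inherited ACEs from the password-less key and grant only the two SIDs.
& icacls.exe $keyPath /inheritance:r /grant:r '*S-1-5-18:(R)' '*S-1-5-32-544:(F)' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $keyPath" }

# 2. Report any explicit ACE that is still present for another identity.
$extra = (Get-Acl $keyPath).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $allowed -notcontains $sid
}
foreach ($ace in $extra) {
    Write-Warning "Unexpected ACE on server.key: $($ace.IdentityReference) $($ace.FileSystemRights)"
}

# 3. Compare the certificate's Common Name with the ServerName directive
#    (an optional scheme and :port on the directive are ignored).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$cn   = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

$m = Select-String -Path $httpdConf -Pattern '^\s*ServerName\s+(?:\w+://)?([^\s:]+)' |
     Select-Object -First 1
if (-not $m) { throw "No ServerName directive found in $httpdConf" }
$serverName = $m.Matches[0].Groups[1].Value

# Host names are case-insensitive, and so is PowerShell's -eq on strings.
if ($cn -eq $serverName) {
    "OK: certificate CN '$cn' matches ServerName"
} else {
    Write-Warning "Certificate CN '$cn' does not match ServerName '$serverName'"
}
```

Run it from an elevated prompt after generating the key and certificate; if Apache runs under a dedicated service account instead of LocalSystem, grant that account read access and add its SID to `$allowed`.
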