Re: Problems with SSL access through a web browser
From: Alexander Dalloz (ad+lists_at_uni-x.org)
Date: 11/19/04
- In reply to: akonstam_at_trinity.edu: "Problems with SSL access through a web browser"
To: akonstam@trinity.edu, For users of Fedora Core releases <fedora-list@redhat.com>
Date: Fri, 19 Nov 2004 02:37:24 +0100
On Fri, 19.11.2004 at 2:03, akonstam@trinity.edu wrote:
> Can someone hint how one creates this needed certificate and where the
> file resides and under what name. I saw there was a Makefile that is
> supposed to do this but all I managed to do using that Makefile is
> secure the httpd server so that it could not be restarted without
> entering a passphrase.
> Aaron Konstam
There are different possibilities how you can create (and manage) such
certificates. In any case the base tool used is OpenSSL, which you can use
directly. http://sial.org/howto/openssl/ has some good papers. Some days
old documentation by Red Hat on
http://www.redhat.com/support/resources/faqs/RH-apache-FAQ/c163.html.
The Fedora OpenSSL comes with the script /usr/share/ssl/misc/CA.
One very basic thing is that the Common Name (CN) of the server service
cert has to fit its hostname. In some cases you would only get a
warning if they differ, in other situations / with other clients the
service is deferred.
Speaking about Apache on Fedora the default location for the SSL server
hostcert is /etc/httpd/conf/ssl.crt/, for the hostkey it is
/etc/httpd/conf/ssl.key/. The location for the dovecot cert is
/usr/share/ssl/certs/. Don't know from head whether this location is
hard coded during compilation or configurable with dovecot.conf. For the
obsolete uw-imapd it was hard coded.
Hope it helps a bit.
Alexander
--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp
Serendipity 02:35:44 up 1 day, 4:21, load average: 0.02, 0.26, 0.35
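
The two points in this exchange (the CN has to match the host name, and a passphrase-protected key stops httpd from restarting unattended), as an added shell example that is not part of the original message. The host name, file names and passphrase are constructed; the subjectAltName entry goes beyond the message and is included because current clients match the host name against it rather than the CN (it needs an OpenSSL that supports `-addext`).

```shell
#!/bin/sh
# Added example: host name, directory and passphrase are constructed demo values.

# make_cert DIR HOST: unencrypted RSA key plus self-signed cert for HOST.
# -nodes writes the key without a passphrase so httpd can start unattended;
# umask 077 keeps the key file readable by its owner only.
make_cert() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

# cert_cn CERT: print the certificate's Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# key_is_encrypted KEY: succeed if the PEM key needs a passphrase
# (PKCS#8 header or the traditional Proc-Type line).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED|^Proc-Type: 4,ENCRYPTED' "$1"
}

# strip_passphrase IN OUT PASS: write a passphrase-free copy of a key.
strip_passphrase() {
    ( umask 077; openssl pkey -in "$1" -passin "pass:$3" -out "$2" )
}

# key_matches_cert CERT KEY: succeed if both hold the same public key.
# -passin pass: makes an encrypted key fail here instead of prompting.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ "$pub" = "$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" www.example.com || return 1
    echo "CN: $(cert_cn "$d/server.crt")"
    openssl pkey -in "$d/server.key" -aes256 -passout pass:demo -out "$d/enc.key"
    key_is_encrypted "$d/enc.key" && echo "enc.key would make httpd prompt"
    strip_passphrase "$d/enc.key" "$d/plain.key" demo
    key_matches_cert "$d/server.crt" "$d/plain.key" && echo "plain.key matches cert"
    rm -rf "$d"
}
demo
```

On the Fedora layout named in the reply, the resulting certificate and key would go under /etc/httpd/conf/ssl.crt/ and /etc/httpd/conf/ssl.key/.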