yhuang95411 回复于:2004-12-19 10:53:02
libghttp-devel-1.0.9-5
httpd-devel-2.0.40-8
httpd-manual-2.0.40-8
httpd-2.0.40-8
libghttp-1.0.9-5
yhuang95411 回复于:2004-12-19 11:12:15
澄清一下:
所用系统为Red Hat
FunBSD 回复于:2005-01-05 09:35:36
我帮你顶一下
wingger 回复于:2005-01-05 13:21:18
Make sure OpenSSL is really installed and in your PATH. But some commands even work ok when you just run the ``openssl'' program from within the OpenSSL source tree as ``./apps/openssl''.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
[code:1:ba56aab0e6]$ openssl genrsa -des3 -out server.key 1024[/code:1:ba56aab0e6]
Please backup this server.key file and remember the pass-phrase you had to enter at a secure location. You can see the details of this RSA private key via the command:
[code:1:ba56aab0e6]$ openssl rsa -noout -text -in server.key[/code:1:ba56aab0e6]
And you could create a decrypted PEM version (not recommended) of this RSA private key via:
[code:1:ba56aab0e6]$ openssl rsa -in server.key -out server.key.unsecure[/code:1:ba56aab0e6]
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
[code:1:ba56aab0e6]$ openssl req -new -key server.key -out server.csr[/code:1:ba56aab0e6]
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR via the command
[code:1:ba56aab0e6]$ openssl req -noout -text -in server.csr[/code:1:ba56aab0e6]
其它一样,在REDHAT
wingger 回复于:2005-01-05 13:25:33
停止 httpd:[失败]
启动 httpd:Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server new.host.name:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
[失败]
为什么会这样?
wingger 回复于:2005-01-05 13:38:19
刚才没修改ssl.conf文件,修改后启动如下错误
启动 httpd:Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server new.host.name:443 (RSA)#错误的输入密码
Enter pass phrase:
Apache:mod_ssl:Error: Pass phrase incorrect (5 more retries permitted).
Enter pass phrase:#密码错误
1077372096:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag:a_set.c:179:
1077372096:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:939:
1077372096:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=RSA
1077372096:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:96:
Apache:mod_ssl:Error: Pass phrase incorrect (4 more retries permitted).
Enter pass phrase:#正解的密码
[失败]
Yarco 回复于:2005-01-07 13:22:50
这个我试过.就是有些问题不明白.
1.CA证书如何制作.
似乎单纯用openssl无法制作自签名的CA证书.我看了很多网上的资料,说是apache附带有一个sign.sh的脚本.但我找来找去找不到.
2.如何让
wingger 回复于:2005-01-07 13:28:04
sign.sh是mod_ssl自带的,但www.modssl.org上的mod_ssl只支持apache1的,我这里有一个sign.sh文件,如何你要的话,我可以贴出来,我用过sign.sh,不过签不了证书,至少我没签成功过
Yarco 回复于:2005-01-07 14:05:02
晕...害我啊
[quote:3414839e85]不过签不了证书,至少我没签成功过[/quote:3414839e85]
签不了也给我.:)
ghostwx 回复于:2005-01-07 14:06:18
用openssl可以的
openssl genrsa -des3 -rand file1:file2:file3 -out yourca.key
file1-3 是随意任何文件
openssl req -new -key yourca.key -out yourca.csr
产生证书请求
openssl x509 -req -days 30 -in yourca.csr -signkey yourca.key -out yourca.cert
产生证书
note:你需要有一个openssl.cnf文件,如果没有创建一个,用-config 指明,具体格式可以自己到www.openssl.org看看
wingger 回复于:2005-01-07 14:19:58
openssl的参数-signkey就可签证,不需sign.sh呵呵
ataman 回复于:2005-03-23 23:36:06
我的https成功了,能上;ca认证什么的也成功了。但最不爽最关键的是:
客户端登陆网站时证书验证不通过!我基本上都是按照楼主和其他资料作的。
我是在自己的机器上做试验的,服务器客户都在一台机器上。作了好几个pfs的证书,登录网站时没一个能登上的。
winxp pro sp2, apache 2.0.53 ,openssl 0.97e(mod_ssl,openssl.cnf都有)
国家我都是cn,所有的域名都是www.xxx.com 邮箱xxx@xxx.com,部门都是ga,小部门都是rs.....所有文件所要填的信息都相同。我都是按照楼主的步骤来的,可能是什么问题呢?
我自始至终都是用1个用户登陆的
ioly 回复于:2005-04-28 08:52:12
我也出现了
停止 httpd:[失败]
启动 httpd:Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server new.host.name:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
[失败]
的错误,求助!
squall1 回复于:2005-04-30 23:37:13