Re: [Pi3web-users] Re: Dumber than a Rock about Openssl
From: <rap...@fr...> - 2002-09-27 23:46:39
Hi Holger,

** Yes, the demo key/certificate worked.

** Regarding the key/certificate generation, here are the steps I followed:

1. Generate a CA certificate:

    openssl genrsa -des3 -out CA.key 1024
    openssl req -new -key CA.key -x509 -days 1095 -out CA.crt

2. Generate a CSR for the web site and sign it with the CA to get a certificate:

    openssl genrsa -des3 -out web.key
    openssl req -new -key web.key -out web.csr
    openssl x509 -req -days 365 -in web.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out web.crt

As I understand it, the root certificate was self-signed, but the web site's one should be signed with the root (i.e. the CA certificate - am I wrong?).

Regarding the passphrase of the web site's key, no problem: I'll generate a key with none and give you feedback.

** Other parameters: SSL v2 (on), SSL v3 (on), TLS 1.0 (off), Debug log (on), client certification (none), depth = 1, cipher list = DEFAULT, MSIE bug (on), Hack (on).

One more question: by default the path to the demo key/certificate is ./<file>. Can we give an absolute path from the root of the disk (e.g. C:\CA_Stuff\Private\web.key for the key and C:\CA_Stuff\Certs\web.crt for the certificate), or do we have to give a relative path from Pi3web\bin?

** I've switched on SSL Debug, but when I look at the file it's empty. I do not see any log file for openssl in the bin directory. Sorry.

** I used MS IE 5.5 SP2 and Netscape 4.77 (running on a client on the same LAN (Win ME) and on the web server itself (Win 95 SR2b)).

** No message, no dialog either: the browser keeps opening the page from the web site but nothing appears on the screen, and after 5 minutes it finally says that the web site had some problem... try to reload the page.

Some more questions: I want to send certificates to users of my web site so that I can activate "client certificate verification" = mandatory with a depth level of 2. Do I need to remove the passphrase from the CA key? (I hope not.) What are your hints for generating user certificates?

Thank you for your help.

Regards,

Raphaël

----- Original Message -----
From: "Holger Zimmermann" <zi...@t-...>
To: "Raphaël Précigout" <rap...@fr...>
Cc: <pi3...@li...>
Sent: Friday, September 27, 2002 6:43 AM
Subject: Re: [Pi3web-users] Re: Dumber than a Rock about Openssl

> Hi Raphael,
>
> I've a couple of questions to figure out, what needs to be done
> in order to solve your issue:
> - Did the demo key/certificate work?
> - What parameters for private key/certificate generation did you use?
>   (e.g. the root certificate of the server certificate tree must be
>   self-signed, the private key file must not be secured by a pass phrase
>   due to non-interactive startup of the server service)
> - What other settings are you using (Cipher list SSLv2/3/TLSv1.0 etc.)?
> - Did you switch on SSL debug for testing?
> - Could you provide me a debug log of openssl (in ./Pi3Web/bin/)?
> - What browser (vendor/version) did you use?
> - Were any error msgs. or dialogs shown, when you tried to connect
>   the server via https with the browser?
> --
> regards
> Holger
>
> TMTOWTDI - There's More Than One Way To Do It - Perl motto
> ----------------------------------------------------------
> Holger 'zimpel' Zimmermann
> ----------------------------------------------------------
> Wendishain
> Germany
> ----------------------------------------------------------
> http://home.t-online.de/home/zimpel/
> http://pi3web.sourceforge.net/
>
> mailto:zi...@t-...
> ----------------------------------------------------------
>
> Raphaël Précigout wrote:
>
> > Another documentation web page could be found here: http://tirian.magd.ox.ac.uk/~nick/openssl-certs/index.shtml
> >
> > I have some difficulties making Pi3web work with my own certificates: I've set up my own CA and then issued a certificate for my web server, but after replacing the files (certificate and key) in the admin GUI I can't view any page through https.
> >
> > A how-to on the topic would be a great idea.
> >
> > Thanks in advance
> >
> > Raphaël
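
The requirement Holger states in this thread, that the server's private key file must not be secured by a pass phrase because the service starts non-interactively, can be checked on a key file before it is installed. The following Python check is an added example, not part of the thread or of Pi3Web; the function names and the sample PEM blocks (constructed placeholders, not real keys) are assumptions for illustration, and it recognises both the traditional `Proc-Type`/`DEK-Info` headers and the PKCS#8 `ENCRYPTED PRIVATE KEY` label.

```python
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_key_pem(text):
    """Return (label, encrypted, cipher) for every private-key block in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, CSR, ...: not a key
        headers = {}
        for line in body.splitlines():
            name, sep, value = line.partition(":")
            if not line.strip() or not sep:
                break  # blank line or first base64 line ends the headers
            headers[name.strip()] = value.strip()
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the cipher is recorded inside the DER, not in a header.
            results.append((label, True, None))
        elif headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
            # Traditional format, e.g. "DEK-Info: DES-EDE3-CBC,<IV>" for -des3.
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
            results.append((label, True, cipher))
        else:
            results.append((label, False, None))
    return results

def usable_for_unattended_start(text):
    """True only if text holds at least one key and none needs a pass phrase."""
    keys = inspect_key_pem(text)
    return bool(keys) and not any(encrypted for _, encrypted, _ in keys)

# Constructed samples: the base64 bodies are placeholders, not real keys.
BODY = "Q09OU1RSVUNURUQgU0FNUExFLCBOT1QgQSBSRUFMIEtFWQ==\n"
ENCRYPTED_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\n"
                    "Proc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
                    + BODY + "-----END RSA PRIVATE KEY-----\n")
PLAIN_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\n"
                + BODY + "-----END RSA PRIVATE KEY-----\n")
PKCS8_SAMPLE = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
                + BODY + "-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("ENCRYPTED_SAMPLE", "PLAIN_SAMPLE", "PKCS8_SAMPLE"):
        print(name, inspect_key_pem(globals()[name]))
```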