[Snort-users] certificate verify error
emechler at ...7719...
Wed Apr 9 12:10:07 EDT 2003
:: I think I am just going to start again with these certificates and
:: create some more...
:: So, If I can just verify what I need to do:
:: /usr/bin/openssl genrsa -out ssl.key 1024
:: to generate a private key, and then:
:: /usr/bin/openssl req -new -x509 -days 365 -key ssl.key -out ssl.cert
:: to generate a certificate using the key.
You can do this all on one line (ie, generate a self-signed certificate) by
just doing this:
openssl req -x509 -new -days 365 -outform PEM -nodes -out cert.pem
If you want to have your certificate encrypted (such that you need a
password to start up Apache with -DSSL) then remove the -nodes option.
This will put your certificate into cert.pem, and your private key into
:: and then where is the best place to put ssl.key and ssl.cert?
:: (my apache httpd.conf is in /etc/httpd/conf/)
Your certificate file should go into /etc/httpd/conf/ssl.crt/server.pem,
and the key should go into /etc/httpd/conf/ssl.key/server.key. The ssl.crt
directory should be perms 755, and the ssl.key directory should be 700.
When in doubt, just follow the examples in the sample httpd.conf.
:: Do I also need to generate another file from these two for the
:: SSLCACertificateFile ?
This is entirely optional. You really only need this if you want to do client
side certificate authorization, which it doesn't sound like you're doing.
Cheers - Erick
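
The layout described in the reply above, built and checked under a scratch directory. This is an added example, not part of the original post; the -subj and -keyout options, the 2048-bit key size, the constructed CN, and the file modes 600/644 are assumptions of the example.

```shell
#!/bin/sh
# Added example: works under a scratch root, not /etc/httpd/conf.

# Create a self-signed cert and unencrypted key in the layout from the reply.
make_layout() {
    root=$1
    mkdir -p "$root/ssl.crt" "$root/ssl.key" || return 1
    chmod 755 "$root/ssl.crt" && chmod 700 "$root/ssl.key" || return 1
    # Assumptions: -subj (constructed CN) skips the prompts, -keyout names the
    # key file explicitly, rsa:2048 is this example's key size.
    ( umask 077
      openssl req -x509 -new -newkey rsa:2048 -days 365 -outform PEM -nodes \
          -subj "/CN=sensor.example.test" \
          -keyout "$root/ssl.key/server.key" \
          -out "$root/ssl.crt/server.pem" 2>/dev/null ) || return 1
    # File modes are an assumption; the reply only gives directory modes.
    chmod 600 "$root/ssl.key/server.key" && chmod 644 "$root/ssl.crt/server.pem"
}

# Symbolic mode of a path, e.g. drwx------ (portable across stat variants).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Print "ok" or the first problem found; non-zero exit on any problem.
check_layout() {
    root=$1
    [ "$(mode_of "$root/ssl.crt")" = "drwxr-xr-x" ] || { echo "ssl.crt is not 755"; return 1; }
    [ "$(mode_of "$root/ssl.key")" = "drwx------" ] || { echo "ssl.key is not 700"; return 1; }
    # A cert and key belong together only if they carry the same public key.
    cert_pub=$(openssl x509 -in "$root/ssl.crt/server.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$root/ssl.key/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    echo "ok"
}

demo_root=$(mktemp -d) && make_layout "$demo_root" && check_layout "$demo_root"
rm -rf "$demo_root"
```

Running check_layout against the real configuration directory before restarting Apache catches a key that was regenerated without reissuing the certificate, as well as a key directory left readable by other users.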