|
files
|
|
#tomcat.sh1.txt#,
Certificate-log.txt,
apache-tomcat.txt,
apache_start.c.txt,
apache_stop.c.txt,
cjdk1.1.txt,
cjdk1.2.txt,
cjdk1.3.txt,
cshrc.txt,
do_env.txt,
http.conf-init.txt,
httpd-conf-first.txt,
httpd-jkl,
httpd-jkl-init.txt,
httpd-jkl.txt,
httpd.conf.txt,
httpd.jkl.txt,
jspc.sh.txt,
junk,
killme.c.txt,
mod_jk.so,
mod_jk_conf_init.txt,
server.xml.init.txt,
setmyenv.txt,
shutdown.sh.txt,
startup-mess.txt,
startup.sh.txt,
tomcat.sh.txt,
tomcat.sh1.txt,
workers_properties_init.txt
|
|
|
#--- Note, I that I am entering the machine name (pse.ccl.net) as common name
#--- This produces certificates which are valid for 365 days. If you want
#--- Longer lasting certificates, edit Makefile and replace 365 with the
#--- number of days you want. I usually put 1000 days, since I do not really
#--- serve hash staff, and the whole certificate stuff is just to protect
#--- privacy. But id you do something which really needs to be encrypted,
#--- then you do not do this stuff, but get a real certificate from
#--- the real certificate agency (Check your browser for the ones which
#--- your browser recognizes as CAs.).
# mkdir old-keys
# mv ssl* old-keys
# mkdir ssl.key
# mkdir ssl.csr
# mkdir ssl.crt
# -- make the private/public key pair
# make genkey
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key
Generating RSA private key, 1024 bit long modulus
.........................++++++
................++++++
e is ababab (0x122434)
Enter PEM pass phrase: # I entered some password!!!
Verifying password - Enter PEM pass phrase:
# -- this is to remove password from the private/public key
# -- since otherwise, you would have to enter at boot time.
# openssl rsa -in ssl.key/server.key -out ssl.key/server.key.unsecure
read RSA key
Enter PEM pass phrase:
writing RSA key
# -- copy the "unpassworded" {:-)} key over the encrypted one.
# cp ssl.key/server.key.unsecure ssl.key/server.key
cp: overwrite `ssl.key/server.key'? y
# -- produce certificate request (i.e., the thing which you will sign).
# make certreq
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.csr/server.csr
Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) []:Columbus
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OSC
Organizational Unit Name (eg, section) []:Science
Common Name (eg, your name or your server's hostname) []:pse.ccl.net
Email Address []:jkl@ccl.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# -- produce the Certificate Authority Certificate, and sign your
# -- certificate from above with it.
# make testcert
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) []:Columbus
Organization Name (eg, company) [Internet Widgits Pty Ltd]:OSC
Organizational Unit Name (eg, section) []:Science
Common Name (eg, your name or your server's hostname) []:pse.ccl.net
Email Address []:jkl@ccl.net
|
