- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Apache SSL problem
Operating System - HP-UX
1752770
Members
4815
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2005 01:59 AM
тАО02-07-2005 01:59 AM
Re: Apache SSL problem
No the SSL certificate and key were created for the application by us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2005 03:19 AM
тАО02-07-2005 03:19 AM
Re: Apache SSL problem
Seetha,
as my last attempt can you replace the $variables with hardcoded values and try again. My thinking is what happens if $WEB_HOME or $WEB_HOST are incorrect/blank?
That would explain the no such file message.
Regards
as my last attempt can you replace the $variables with hardcoded values and try again. My thinking is what happens if $WEB_HOME or $WEB_HOST are incorrect/blank?
That would explain the no such file message.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2005 02:24 PM
тАО02-07-2005 02:24 PM
Re: Apache SSL problem
This situation is impossible because all these environment variables are set in a particular ".ksh" file and it is run each time the application starts. Also the application will not start if these variables are not set.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-07-2005 03:43 PM
тАО02-07-2005 03:43 PM
Re: Apache SSL problem
I also tried setting the SSLCertificateFile and SSLCertificateKeyFile specifying the absolute path but still i get the same error. Can some one help me with the problem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2005 08:21 PM
тАО02-08-2005 08:21 PM
Re: Apache SSL problem
Hi,
I think it looks the CA certificate file.
Try to add SSLCACertificateFile option also.
like:
SSLCertificateFile /tmp/server.crt
SSLCertificateKeyFile /tmp/myserver.key
SSLCACertificateFile /tmp/other-bundle.txt
I think it looks the CA certificate file.
Try to add SSLCACertificateFile option also.
like:
SSLCertificateFile /tmp/server.crt
SSLCertificateKeyFile /tmp/myserver.key
SSLCACertificateFile /tmp/other-bundle.txt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2005 09:33 PM
тАО02-08-2005 09:33 PM
Re: Apache SSL problem
Here is the steps I did for Apache with SSL:
To build apache with OpenSSL for secure communication, Use following steps.
Steps:
I. Build
a. Untar the Source & configure, gmake and gmake install
# tar -zxvf httpd-2.0.46.tar.gz
b. Configure the apache with options
# cd httpd-2.0.46
# ./configure --prefix=/usr/local/apache --with-ssl=/usr/local/ssl/lib --enable-expires --enable-ssl --enable-rewrite --enable-so --enable-xml --enable-modules=most
b. Compile & install the apache using following commands
# gmake
# gmake install
II. Create Certificate Authority (CA)
a. To create RSA private key
# /usr/local/ssl/bin/openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
...++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
#
b. To create self-signed CA certificate
# /usr/local/ssl/bin/openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:TN
Locality Name (eg, city) []:CBE
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cisco
Organizational Unit Name (eg, section) []:OpenSource
Common Name (eg, YOUR name) []:linuxtest.cisco.com
Email Address []:opensource@cisco.com
#
III. Create SSL Certificate
a. To create RSA private key
# /usr/local/ssl/bin/openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
...............................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
#
b. Decrypt private key (so that apache can start w/o asking for password)
# mv server.key server.key.secure
# /usr/local/ssl/bin/openssl rsa -in server.key.secure -out server.key
Enter pass phrase for server.key.secure:
writing RSA key
#
c. To create a Certificate Signing Request (CSR)
# /usr/local/ssl/bin/openssl req -new -days 365 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:TN
Locality Name (eg, city) []:CBE
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cisco
Organizational Unit Name (eg, section) []:OpenSource
Common Name (eg, YOUR name) []:linuxtest.cisco.com
Email Address []:opensource@cisco.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:welcome
An optional company name []:Senas.net
#
IV. Sign SSL Certificate
# /usr/local/ssl/bin/openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=IN/ST=TN/L=CBE/O=cisco/OU=OpenSource/CN=linuxtest.cisco.com/emailAddress=opensource@cisco.com
Getting Private key
#
V. Create directories for SSL certificate & key and copy the certificate & key to corresponding directories
# mkdir /usr/local/apache/conf/ssl.crt
# mkdir /usr/local/apache/conf/ssl.key
# cp server.crt ssl.crt
# cp server.key ssl.key
VI. Apache configuration
In /usr/local/apache/conf/httpd.conf,
ServerName linuxtest.cisco.com
ServerAdmin sysadmin@linuxtest.cisco.com
VII. Start Apache
# /usr/local/apache/bin/apachectl startssl // both 80 & 443
To check apache whether it listens on port 80 & 443
a. Use "netstat" command
# netstat -na | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
# netstat -na | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
b. Use the following URL's
http://127.0.0.1/
https://127.0.0.1/
VII. Stop apache
# /usr/local/apache/bin/apachectl stop
To check apache whether it listens on port 80 & 443
# netstat -na | grep 80
# netstat -na | grep 443
#
Note: See the file /usr/local/apache/conf/ssl.conf for SSL configuration
To build apache with OpenSSL for secure communication, Use following steps.
Steps:
I. Build
a. Untar the Source & configure, gmake and gmake install
# tar -zxvf httpd-2.0.46.tar.gz
b. Configure the apache with options
# cd httpd-2.0.46
# ./configure --prefix=/usr/local/apache --with-ssl=/usr/local/ssl/lib --enable-expires --enable-ssl --enable-rewrite --enable-so --enable-xml --enable-modules=most
b. Compile & install the apache using following commands
# gmake
# gmake install
II. Create Certificate Authority (CA)
a. To create RSA private key
# /usr/local/ssl/bin/openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
...++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
#
b. To create self-signed CA certificate
# /usr/local/ssl/bin/openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:TN
Locality Name (eg, city) []:CBE
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cisco
Organizational Unit Name (eg, section) []:OpenSource
Common Name (eg, YOUR name) []:linuxtest.cisco.com
Email Address []:opensource@cisco.com
#
III. Create SSL Certificate
a. To create RSA private key
# /usr/local/ssl/bin/openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
...............................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
#
b. Decrypt private key (so that apache can start w/o asking for password)
# mv server.key server.key.secure
# /usr/local/ssl/bin/openssl rsa -in server.key.secure -out server.key
Enter pass phrase for server.key.secure:
writing RSA key
#
c. To create a Certificate Signing Request (CSR)
# /usr/local/ssl/bin/openssl req -new -days 365 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:TN
Locality Name (eg, city) []:CBE
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cisco
Organizational Unit Name (eg, section) []:OpenSource
Common Name (eg, YOUR name) []:linuxtest.cisco.com
Email Address []:opensource@cisco.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:welcome
An optional company name []:Senas.net
#
IV. Sign SSL Certificate
# /usr/local/ssl/bin/openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=IN/ST=TN/L=CBE/O=cisco/OU=OpenSource/CN=linuxtest.cisco.com/emailAddress=opensource@cisco.com
Getting Private key
#
V. Create directories for SSL certificate & key and copy the certificate & key to corresponding directories
# mkdir /usr/local/apache/conf/ssl.crt
# mkdir /usr/local/apache/conf/ssl.key
# cp server.crt ssl.crt
# cp server.key ssl.key
VI. Apache configuration
In /usr/local/apache/conf/httpd.conf,
ServerName linuxtest.cisco.com
ServerAdmin sysadmin@linuxtest.cisco.com
VII. Start Apache
# /usr/local/apache/bin/apachectl startssl // both 80 & 443
To check apache whether it listens on port 80 & 443
a. Use "netstat" command
# netstat -na | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
# netstat -na | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
b. Use the following URL's
http://127.0.0.1/
https://127.0.0.1/
VII. Stop apache
# /usr/local/apache/bin/apachectl stop
To check apache whether it listens on port 80 & 443
# netstat -na | grep 80
# netstat -na | grep 443
#
Note: See the file /usr/local/apache/conf/ssl.conf for SSL configuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-08-2005 09:36 PM
тАО02-08-2005 09:36 PM
Re: Apache SSL problem
Thanks everyone
The error message was due to absence of CA certificate file. When I set the valid file name for SSLCACertificateFile it worked properly.
The error message was due to absence of CA certificate file. When I set the valid file name for SSLCACertificateFile it worked properly.
- « Previous
-
- 1
- 2
- Next »
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP