Re: Self signed cert

Author: Kevin Fries
Date:  
To: Main PLUG discussion list
Subject: Re: Self signed cert
If you are looking to build VMs that are consistent, you should really be
using Vagrant to build your VMs.

Kevin
On Jul 4, 2015 4:41 PM, "Keith Smith" <> wrote:

>
> Thanks!!! I'll try this. I'm hoping for one cert for all sites.
>
>
>
> On 2015-07-04 15:34, JD Austin wrote:
>
>> Usually it's something like this:
>>
>> # Generate private key
>> openssl genrsa -out ca.key 2048
>>
>> # Generate CSR
>> openssl req -new -key ca.key -out ca.csr
>>
>> # Generate self-signed certificate
>> openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt
>>
>> # Copy the files to the correct locations
>> cp ca.crt /etc/pki/tls/certs/localhost.crt
>> cp ca.key /etc/pki/tls/private/localhost.key
>> cp ca.csr /etc/pki/tls/private/ca.csr
>>
>> -- JD Austin
>> Voice: 480.269.4335 (480 2MY Geek)
>>
>>
>> On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith
>> <> wrote:
>>
>>> It was easier to just start over - 20 min and the cert is not an
>>> issue any longer.
>>>
>>> On 2015-07-03 18:39, Keith Smith wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm setting up a VirtualBox and am setting up a VM using CentOS 6.6.
>>>> Everything was running and I could see default welcome page in desktop
>>>> by using the IP for the URL.
>>>>
>>>> Then I wanted to configure a virtual host as a dev / test site.
>>>>
>>>> I tried creating the SSL Cert by using openssl.
>>>>
>>>> # cd /etc/pki/tls/certs
>>>> # make mycert.pem
>>>>
>>>> This confused me. I noticed there was a file
>>>> /etc/pki/tls/localhost.crt that had been created today so I deleted it.
>>>>
>>>> Then I used the command:
>>>>
>>>> openssl req -x509 -nodes -days 4000 -newkey rsa:2048 \
>>>>   -keyout /etc/httpd/ssl/test-site-name.key \
>>>>   -out /etc/httpd/ssl/test-site-name.crt
>>>>
>>>> Which created the certs.
>>>>
>>>> I configured the virtual host and when I restarted Apache it just
>>>> fails w/o any message.
>>>>
>>>> The logs:
>>>>
>>>> tail error_log
>>>> [Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>> [Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>>>
>>>> tail ssl_error_log
>>>> [Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server private key
>>>> [Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>>>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
>>>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
>>>> [Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server private key
>>>> [Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>>>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
>>>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
>>>> [Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server private key
>>>> [Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>>>>
>>>> Tried:
>>>>
>>>> openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
>>>> openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
>>>>
>>>> and got matching numbers.
>>>>
>>>> Any help is much appreciated.
>>>>
>>>
>>> --
>>> Keith Smith
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>>>
>>
>>
>>
>> Links:
>> ------
>> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>
> --
> Keith Smith

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
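
Added example, not part of any message in this thread: one way to get a single self-signed certificate for several dev sites while avoiding the three conditions in the quoted ssl_error_log (key values mismatch, CA == TRUE, name mismatch). The function names, the dev.cnf/dev.key/dev.crt file names and the hostnames in the usage comment are constructed; the pair check compares SHA-256 digests of the whole public key rather than the md5 of the modulus used above, so it also works for non-RSA keys.

```bash
#!/usr/bin/env bash
# Added example; names and paths are constructed, not taken from the thread.
# Usage: make_dev_cert /tmp/ssl dev1.example.test dev2.example.test

# make_dev_cert DIR HOST [HOST...]
# Writes DIR/dev.key and DIR/dev.crt: one self-signed leaf certificate
# (CA:FALSE) whose subjectAltName lists every HOST.
make_dev_cert() {
  local dir="$1"; shift
  local cn="$1" san="" h
  for h in "$@"; do san="${san:+$san,}DNS:$h"; done
  cat > "$dir/dev.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $cn
[v3]
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
  # umask in a subshell so the private key is created mode 0600
  ( umask 077
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
      -config "$dir/dev.cnf" -keyout "$dir/dev.key" -out "$dir/dev.crt" ) 2>/dev/null
}

# pubkey_fp cert|key FILE: SHA-256 of the DER-encoded public key.
# Fails (instead of hashing empty input) when FILE cannot be parsed.
pubkey_fp() {
  local pem=""
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# pair_matches CERT KEY: true only when both hold the same public key.
pair_matches() {
  local a b
  a=$(pubkey_fp cert "$1") && b=$(pubkey_fp key "$2") && [ "$a" = "$b" ]
}

# cert_covers CERT HOST: true when HOST matches the certificate's names.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
```

Running `pair_matches` and `cert_covers` against the exact files named in the virtual host's SSLCertificateFile and SSLCertificateKeyFile directives, before restarting Apache, catches the case where the check was run on a different pair than the one the server loads.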