Certificate-log.txt
Script started on Fri Jan 12 13:53:02 2001
[root@server1 apache_1.3.14]# make certificate TYPE=custom
make[1]: Entering directory `/usr/local/apache_1.3.14/sources/apache_1.3.14/src'
[SSL Certificate Generation Utility] (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

[Generating custom certificate signed by own CA [CUSTOM]]
______________________________________________________________________

[STEP 0: Decide the signature algorithm used for certificates]
The generated X.509 certificates can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:
______________________________________________________________________

[STEP 1: Generating RSA private key for CA (1024 bit) [ca.key]]
234567 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
......+++++
................++++++
e is 63437 (0x11001)
______________________________________________________________________

[STEP 2: Generating X.509 certificate signing request for CA [ca.csr]]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:US
2. State or Province Name   (full name)     [Snake Desert]:Ohio
3. Locality Name            (eg, city)      [Snake Town]:Columbus
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:OSC
5. Organizational Unit Name (eg, section)   [Certificate Authority]:CCL
6. Common Name              (eg, CA name)   [Snake Oil CA]:CCL Development
7. Email Address            (eg, name@FQDN) [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity     (days)          [365]:2001^[^?      01    2001
______________________________________________________________________

[STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=US/ST=Ohio/L=Columbus/O=OSC/OU=CCL/CN=CCL Development/Email=jkl@ccl.net
Getting Private key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
../conf/ssl.crt/ca.crt: /C=US/ST=Ohio/L=Columbus/O=OSC/OU=CCL/CN=CCL Development/Email=jkl@ccl.net
error 18 at 0 depth lookup:self signed certificate
OK
______________________________________________________________________

[STEP 4: Generating RSA private key for SERVER (1024 bit) [server.key]]
149497 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.........++++++
...................................................++++++
e is 65537 (0x10001)
______________________________________________________________________

[STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:US
2. State or Province Name   (full name)     [Snake Desert]:Ohio
3. Locality Name            (eg, city)      [Snake Town]:Columbus
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:OSC
5. Organizational Unit Name (eg, section)   [Webserver Team]:CCL Development
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:server1.ccl.net
7. Email Address            (eg, name@fqdn) [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity     (days)          [365]:2000
______________________________________________________________________

[STEP 6: Generating X.509 certificate signed by own CA [server.crt]]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=US/ST=Ohio/L=Columbus/O=OSC/OU=CCL Development/CN=server1.ccl.net/Email=jkl@ccl.net
Getting CA Private Key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________

[STEP 7: Enrypting RSA private key of CA with a pass phrase for security [ca.key]]
The contents of the ca.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________

[STEP 8: Enrypting RSA private key of SERVER with a pass phrase for security [server.key]]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted RSA private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________

[RESULT: CA and Server Certification Files]

o  [conf/ssl.key/ca.key]
   The PEM-encoded RSA private key file of the CA which you can
   use to sign other servers or clients. [KEEP THIS FILE PRIVATE!]

o  [conf/ssl.crt/ca.crt]
   The PEM-encoded X.509 certificate file of the CA which you use to
   sign other servers or clients. When you sign clients with it (for
   SSL client authentication) you can configure this file with the
   'SSLCACertificateFile' directive.

o  [conf/ssl.key/server.key]
   The PEM-encoded RSA private key file of the server which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). [KEEP THIS FILE PRIVATE!]

o  [conf/ssl.crt/server.crt]
   The PEM-encoded X.509 certificate file of the server which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o  [conf/ssl.csr/server.csr]
   The PEM-encoded X.509 certificate signing request of the server file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our own CA) which later can replace the conf/ssl.crt/server.crt
   file.

Congratulations that you establish your server with real certificates.

make[1]: Leaving directory `/usr/local/apache_1.3.14/sources/apache_1.3.14/src'
[root@server1 apache_1.3.14]# exit
exit

Script done on Fri Jan 12 13:56:49 2001
Modified: Sun Jan 28 04:09:53 2001 GMT