[TriLUG] Installing 128-bit SSL Cert on Fedora Core 1 (Apache)

Jon Carnes jonc at nc.rr.com
Tue Apr 27 17:07:56 EDT 2004


On Tue, 2004-04-27 at 16:09, spain at ncssm.edu wrote:
>  Has anyone installed a Geotrust Cert into apache successfully in fedora core
> 1?
>  
> I've installed plenty of IIS SSL Certs, but this is my first Linux SSL
> configuration.. First it gave me a list of webservers and I picked Apache 2
> from following list below:
>  
>  <javascript:makeWin('/resources/csr/apache_apache_ssl.htm')> Apache +
> ApacheSSL
>  <javascript:makeWin('/resources/csr/apache_mod_ssl.htm')> Apache + MODSSL
>  <javascript:makeWin('/resources/csr/apache_mod_ssl.htm')> Apache + Open 
>  <javascript:makeWin('/resources/csr/apache_raven.htm')> Apache + Raven 
>  <javascript:makeWin('/resources/csr/apache_ssleay.htm')> Apache +SSLeay
>  <javascript:makeWin('/resources/csr/apache2.htm')> Apache 2
> 
>  
> I followed the instructions from
> <http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#installation>
> http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#installation  , created a
> 3DES and PEM-formatted passwordprotected key and CSR.. 
>  
> I look at the output of the CSR that I generated,  but it looks nothing like
> this, which is what geotrust is expecting (  says it should look like  ) .. 
>  
>         SAMPLE ONLY 
> -----BEGIN NEW CERTIFICATE REQUEST-----
> MIIDCjCCAnMCAQAwdTEZMBcGA1UEAxMQaG9zdC5kb21haW4ubmFtZTEVM
> BMGA1UECxMMT3JnYW5pemF0aW9uMRUwEwYDVQQKEwxPcmdhbml6YXRpb2
> 4xDTALBgNVBAcTBENpdHkxDjAMBgNVBAgTBVN0YXRlMQswCQYDVQQGEwJ
> VUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyZ1dYomQ4jhSr6f/
> G3GYxjS4B837+y3A6xIM9OVXV4ZnSIe9nOLHgdksQJpwaQeOZwWeqifte
> hrJ/s55PvPxok+Tqq0t7BfMkkUSuiYnFdUo1OpDPdw3cEaP9WWSrduouI
> Vnq2AWTDw2ykyxKg6neb2vYTZRvbot7M578Vvh6P8CAwEAAaCCAVMwGgY
> KKwYBBAGCNw0CAzEMFgo1LjAuMjE5NS4yMDUGCisGAQQBgjcCAQ4xJzAl
> MA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDATCB/QYKK
> wYBBAGCNw0CAjGB7jCB6wIBAR5aAE0AaQBjAHIAbwBzAG8AZgB0ACAAUg
> BTAEEAIABTAEMAaABhAG4AbgBlAGwAIABDAHIAeQBwAHQAbwBnAHIAYQB
> wAGgAaQBjACAAUAByAG8AdgBpAGQAZQByA4GJACB3C0g9psK0+V+N/Me1
> JsG39vonCPQBdOwNp6zHJSPCU3FwQ0SgFpEQNy6HEn79I0CMrU93q9Hh1
> TQtd2YU6lWHQunXrIcytmAFVjhibNX6Dp1e41Wjc2N4ilJyy1GFss686c
> dZt2GP6y04I74/OvkW2Wf9nezUrMrESM2PP4B1AAAAAAAAAAAwDQYJKoZ
> IhvcNAQEFBQADgYEAg4+QHTvkP5CG+WcGnrhKiMkJnMP6QEsds40obUDS
> dGtEupQz8C+4xoMd1aM68q9Ri6Va+JTeuhKHxLz9hT/KUJhNBy0sRfnx+
> JkQdrKG69UanTwvLqXINh9xChw9ErIto/2kZI5kl2KYQdiOqTv6p0GEUP
> Rq/MD52Zy3bOzSRF0=
> -----END NEW CERTIFICATE REQUEST----- 
> 
>  
> what I do get is something like this.. 
>  
> Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
> adfasdfasdfasdfasdfasdfaafasdf
> asdfasdfasdfasdfasdfasdfasasdf
> asdfasdfasdfasdfasfaasdfasdfasfd
> aasdfasdfsdfasdfasdfadfasdfafaf
>   Exponent: 65537 (0x10001)
>         Attributes:
>             a0:00
>     Signature Algorithm: md5WithRSAEncryption
> afasdflasfasdjflak;sdfjaadfasdfasdf
> asdfaskldfja;sldfjasdfasdfasdfasdf
> asldfajsdklfasj;dlfjafasdfasdfasdf
> asldfja;lksdfja;skldfja;sdfasdfasdf
> alksdfj;alksdfj;asdfkadfasdfasdfasdf
>  
> Am I supposed to past what's between the Modulus and Exponent?  Or did I
> choose the wrong webserver version to execute.. 
>  
> Any advice is appreciated.. 
>  
> 
>   _____  
> 
> Sincerely,
> Jamil Hassan Spain

If you generate it properly you will see the Certificate right after the
Signature Algorithm.  It may be that the Cert was written to a generic
file on your system.

For an example see:
http://www.trilug.org/~jonc/CA_setup/README_2_signing_certs.txt

Good Luck - Jon Carnes




More information about the TriLUG mailing list