From owner-freebsd-current  Sun May  7 15: 3:21 2000
Delivered-To: freebsd-current@freebsd.org
Received: from mail.hiwaay.net (fly.HiWAAY.net [208.147.154.56])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2CB2C37BD57; Sun,  7 May 2000 15:03:18 -0700 (PDT)
	(envelope-from sprice@hiwaay.net)
Received: from localhost (sprice@localhost)
	by mail.hiwaay.net (8.10.1/8.10.1) with ESMTP id e47M3AY21671;
	Sun, 7 May 2000 17:03:11 -0500 (CDT)
Date: Sun, 7 May 2000 17:03:10 -0500 (CDT)
From: Steve Price <sprice@hiwaay.net>
To: Doug Barton <DougB@gorean.org>
Cc: Kris Kennaway <kris@FreeBSD.org>,
	Forrest Aldrich <forrie@navipath.com>, current@FreeBSD.org
Subject: Re: RSA decrypt problems
In-Reply-To: <3915C5AF.9DE22474@gorean.org>
Message-ID: <Pine.OSF.4.21.0005071654270.24280-100000@fly.HiWAAY.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.OSF.4.21.0005071654272.24280@fly.HiWAAY.net>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 7 May 2000, Doug Barton wrote:

# 	Ok, here are some silly questions. Did you create a private key for
# this server, did you encrypt your cert with it, and is that .key file
# pointed to in your httpd.conf config file? SSLCertificateKeyFile is what
# you're looking for. http://www.modssl.org/related/ has some really good
# resources for this, and their FAQ has step by step instructions for
# creating and testing keys and certs that may help you track down where
# in the process it's getting lost. 

I did create a key for my server with the following command

	ssh-keygen -f /etc/ssh/ssh_host_key

I didn't encrypt a cert with it.  This is on a test box and
up until a few days ago the only steps I ever had to take
were to install one of the apache13-*ssl ports, crank up apache,
and it just worked.  Of course this could be where I've gone
astray, as it appears this no longer works. :)  I've been using
the 'Snake Oil' certs that come with these ports up until now,
since the box is behind a firewall and not in production yet.

# 	Also, did you install the openssl port, or are you using the openssl
# that is part of the base in 4.0+? I vaguely remember you saying that you
# were using the port. If so, cd to /usr/local/openssl and cp
# openssl.cnf.sample to openssl.cnf. 

I'm not using the port.  I'm using the bits that come with
-current (and 4.0 on another box).  At Kris' suggestion I
did copy over an /etc/ssl/openssl.cnf file but that didn't
seem to help with the problem I'm having. :(

Thanks.

-steve



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message