[Macpartners] Panther Server and SSL
Sean Brown
smbrown at MIT.EDU
Mon Nov 15 16:52:25 EST 2004
Anyone willing to give me a hand getting SSL setup using the MIT CA? When I
get it working I'll write it up and send it along to the IS&T Web team to
publish.
So far I have generated the CSR, and Received the cert back from the network
group. I used the instructions here:
<http://web.mit.edu/apache-ssl/www/README.certificate > for that.
I duplicated the site in server admin and made the following changes:
port: 443
In Security tab:
[X] Enable SSL
Entered the pass phrase I used when generating the CSR
Certificate file: /etc/certs/getfit.mit.edu-cert.pem (the cert I got back
from network)
Key File: /etc/certs/https-key.pem (the file I generated using the
instructions at above URL)
CA File: /etc/certs/mitca.ca (from: <http://bs.mit.edu/mitca.ca>
Clicked save, got the warning message (You have to perform a *full* server
restart when you added or removed a certificate and/or key file)
The server won't start with this site activated. (from server admin and from
command line).
smbrown$ tail /var/log/httpd/ssl_engine_log
[15/Nov/2004 16:39:55 20397] [info] Init: Configuring server
getfit.mit.edu:443 for SSL protocol
[15/Nov/2004 16:39:55 20397] [error] Init: (getfit.mit.edu:443) Ops, no RSA
or DSA server certificate found?!
[15/Nov/2004 16:39:55 20397] [error] Init: (getfit.mit.edu:443) You have to
perform a *full* server restart when you added or removed a certificate
and/or key file
[15/Nov/2004 16:40:31 20461] [info] Init: Loading certificate & private key
of SSL-aware server getfit.mit.edu:443
Any help appreciated. /s
...
sean brown - wcs - <smbrown at mit.edu> 617.252.1494
mit - is&t - client support services - N42-240B
More information about the Macpartners
mailing list