From owner-freebsd-questions@FreeBSD.ORG Sat Jul 12 17:42:34 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 29AC337B401 for ; Sat, 12 Jul 2003 17:42:34 -0700 (PDT) Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id B879943F93 for ; Sat, 12 Jul 2003 17:42:33 -0700 (PDT) (envelope-from mbsd@pacbell.net) Received: from atlas ([64.166.23.114]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 HotFix 1.6 (built Oct 18 2002)) with ESMTP id <0HHX00CLETTDR8@mta6.snfc21.pbi.net> for freebsd-questions@freebsd.org; Sat, 12 Jul 2003 17:39:13 -0700 (PDT) Date: Sat, 12 Jul 2003 17:39:13 -0700 (PDT) From: =?ISO-8859-1?Q?Mikko_Ty=F6l=E4j=E4rvi?= In-reply-to: <20030713001401.M81814@enabled.com> X-X-Sender: mikko@atlas.home To: admin Message-id: <20030712173646.X32110@atlas.home> MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Content-transfer-encoding: 7BIT References: <20030713001401.M81814@enabled.com> cc: freebsd-questions@freebsd.org Subject: Re: mod_ssl question: using my own CA? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jul 2003 00:42:34 -0000 On Sat, 12 Jul 2003, admin wrote: > OS: FreeBSD 4.8 > apache 1.3.27 > modssl 2.8.14 > > goals: > > generate a server.crt file for apache > generate a server.key file for apache > I will be my own CA > > Hi, > > okay I am trying to find a way to overcome this most elusive and vague > documentationt that I am finding on the modssl.org website. I am completely > confused by the documentation at this point. > > from: > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC29 "So a script named sign.sh is distributed with the mod_ssl distribution" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > --- snip ---- > 4. Now you can use this CA to sign server CSR's in order to create real SSL > Certificates for use inside an Apache webserver (assuming you already have a > server.csr at hand): > > $ ./sign.sh server.csr > > This signs the server CSR and results in a server.crt file. > > shell# find / -name sign.sh % tar ztf mod_ssl-2.8.14-1.3.27.tar.gz | grep sign.sh mod_ssl-2.8.14-1.3.27/pkg.contrib/sign.sh $.02, /Mikko