How to attach OpenSSL certificate to a website

Hi to all,
This is my first mail to this group. I am currently working
on an assignment in wihch "I have to attach digital signature certified
my certificate authority to a local site (e.g:www.xyz.com) running on
my linux system.
Here my system should act as Certified Authority, Apache web
server and DNS server. I have sucessfully created a certificate by
executing the following commands.

# mkdir CA
# cd CA
# mkdir newcerts private
# echo '01' >serial
# touch index.txt
# openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
-out cacert.pem -days 365 -config ./openssl.cnf
# openssl req -new -nodes -out req.pem -config ./openssl.cnf
# openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

During executing these commands I wrote my own configuration file
openssl.cnf.
This creates a certificate with name cert.pem.

The next step where I got stuck is to make my system a web
server (apache) and a DNS server. So that I can attach the certificate
to the site I have made the certificate for. For this there is need for
adding some directives to httpd.conf file i.e adding a virtual host. In
simple words "how to make my system a web server and a DNS server"

Any help regarding this will be appreciated.

regards,
WASEEM

On Thu, 02 Mar 2006 23:32:32 -0500, Waseem <(E-Mail Removed)> wrote:

> Hi to all,
> This is my first mail to this group. I am currently working
> on an assignment in wihch "I have to attach digital signature certified
> my certificate authority to a local site (e.g:www.xyz.com) running on
> my linux system.
> Here my system should act as Certified Authority, Apache web
> server and DNS server. I have sucessfully created a certificate by
> executing the following commands.
>
> # mkdir CA
> # cd CA
> # mkdir newcerts private
> # echo '01' >serial
> # touch index.txt
> # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
> -out cacert.pem -days 365 -config ./openssl.cnf
> # openssl req -new -nodes -out req.pem -config ./openssl.cnf
> # openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
>
> During executing these commands I wrote my own configuration file
> openssl.cnf.
> This creates a certificate with name cert.pem.
>
> The next step where I got stuck is to make my system a web
> server (apache) and a DNS server. So that I can attach the certificate
> to the site I have made the certificate for. For this there is need for
> adding some directives to httpd.conf file i.e adding a virtual host. In
> simple words "how to make my system a web server and a DNS server"

Certificates come from certified authorities, they don't make you one.
They are not required to make your system a webserver or a dns server.
DNS doesn't use certificates. Read the bind/named man page for how to
set it up.
http doesn't use certificates. https does. Read the apache manual for how
to install an ssl certificate for https.

"Joe Beanfish" <(E-Mail Removed)> (06-03-03 13:53:57):

> DNS doesn't use certificates. Read the bind/named man page for how to
> set it up.

BIND supports "secure" DNS, which, in fact, does use certificates.


Regards.

"Waseem" <(E-Mail Removed)> écrivait news:1141360352.506393.110960
@u72g2000cwu.googlegroups.com:

> Here my system should act as Certified Authority, Apache web
> server and DNS server. I have sucessfully created a certificate by
> executing the following commands.
>
> ...

So, for the web serveur (apache), add the following directive and virtual
host (example) :


Listen 443

<VirtualHost *:443>

ServerName www.babylon.fr.eu.org
ServerAdmin (E-Mail Removed)

DocumentRoot /home/public/www/www.babylon.fr.eu.org/htdocs
ScriptAlias /cgi-bin/ /home/public/www/www.babylon.fr.eu.org/cgi-bin/

ErrorLog /var/log/apache2/babylon.fr.eu.org-error.log
CustomLog /var/log/apache2/babylon.fr.eu.org-access.log common

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

</VirtualHost>


where 443 is the standard HTTPS port, and /etc/apache2/ssl/apache.pem is
your RAS private key/certificate file.

The two directive SSLEngine and SSLCertificateFile are the SSL importante
one. Of course you should have SSL support enabled on your apache web
serveur.

If you want to auto start the web serveur you should set a blank
passphrase to the certificate private ke.


Regards

I dint mean Web server or DNS server uses certificates. In order to
test it I have to make my system a webserver and DNS server so that I
can attach the certificate to local website I have to prepare.
If I open this website from different host (172.16.3.55) it should
fetch the page from this webserver (172.16.3.50) for which it has to be
DNS server too.
For this I have to add a virtual host to the webserver (in httpd.conf),
in that virtual host section is there where I should also add ssl
directives so as to add the certificate I have prepared.
The result should be like when access this particular website I should
able to see the certificate also.

I dint mean Web server or DNS server uses certificates. In order to
test it I have to make my system a webserver and DNS server so that I
can attach the certificate to local website I have to prepare.
If I open this website from different host (172.16.3.55) it should
fetch the page from this webserver (172.16.3.50) for which it has to be
DNS server too.
For this I have to add a virtual host to the webserver (in httpd.conf),
in that virtual host section is there where I should also add ssl
directives so as to add the certificate I have prepared.
The result should be like when access this particular website I should
able to see the certificate also.

"Waseem" <(E-Mail Removed)> (06-03-05 21:11:47):

> I dint mean Web server or DNS server uses certificates. In order to
> test it I have to make my system a webserver and DNS server so that I
> can attach the certificate to local website I have to prepare. If I
> open this website from different host (172.16.3.55) it should fetch
> the page from this webserver (172.16.3.50) for which it has to be DNS
> server too.
> For this I have to add a virtual host to the webserver (in
> httpd.conf), in that virtual host section is there where I should also
> add ssl directives so as to add the certificate I have prepared. The
> result should be like when access this particular website I should
> able to see the certificate also.

Then you are in the wrong newsgroup here (comp.os.linux.security). We
don't deal with configuring webservers or DNS servers. We deal with
Linux security. You will want to read the Apache and BIND
documentations.

Regards.

Check out <a href="http://www.linuxhomenetworking.com">Linux Home
Networking</a>