ssl cert
Matthew Gillen
me at mattgillen.net
Sat Oct 14 19:02:05 EDT 2006
Stephen Adler wrote:
> Guys,
>
> I'm using subversion with https access to the code repository and I
> changed the hostname. So now when I try to use esvn, it complained that
> my ssl cert was not issued by the correct host, and refused to connect to
> the code repository. So I reissued the certificates by doing the
> following
>
>
> cd /etc/httpd/conf
> rm ssl.crt/server.crt ssl.csr/server.csr ssl.key/server.key
> make genkey
> make certreq
> make testcert
>
> but now two issues come up. First when I start httpd, it askes for the
> passphase which I have to enter in by hand. I'm affraid this means that I
> have to type something into the console every time I reboot the system.
Your fear is well founded. There's a trick if you want a "passphrase-less"
server cert (the usual warnings you'd expect about passphase-less ssh keys
applies: it makes it easier for people who hack your server and steal your
private key to impersonate your server):
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/s1-secureserver-generatingkey.html
> The send thing is that esvn now complians that I have an invalid
> certificat... :( What's the trick? (Or rather, how does Red Hat configure
> the keys and certificats so that https: works?)
That page (and the subsequent ones) might answer that question.
Matt
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Discuss
mailing list