Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Developer Center > OpenSSL (HTTPS) help...

OpenSSL (HTTPS) help...
Thread Tools
powert
Guest
Status:
Reply With Quote
Dec 18, 2000, 09:49 AM
 
I know we have OpenSSL already installed on OS X and can use it but I'm trying to install it myself (as one needs to install updates to security bugs regularly).

The configure/make won't work... get unsupported platform. Apple must have a configure script... anyone seen it? Like the OpenLDAP makefile we got.

Can anyone simply explain to me how to create a server certificate that I can add to Apache and turn on HTTPS? I've read the OpenSSL manual and it aint simple, not is adding it to Apache. Do I need a certficate server??
     
gschueler
Guest
Status:
Reply With Quote
Dec 19, 2000, 03:46 AM
 
Yeah, I wasn't able to compile Apache with mod_ssl at all. It had trouble finding the OpenSSL libraries, despite my attempts to coerce it into seeing where they were.

If anybody has any information about how to fix this, plz reply
     
saywake
Fresh-Faced Recruit
Join Date: Dec 2000
Status: Offline
Reply With Quote
Dec 19, 2000, 10:26 AM
 
You can find the source that Apple used for the v0.9.5a OpenSSL implementation at:
http://www.opensource.apple.com/proj....5a-3.1.tar.gz

This one builds fine, and installs in the standard locations. I got cURL to build with ssl after installing this one. I still haven't been able to get v0.9.6 to build properly. If anybody else figures it out, I'd love to know about it.

-KenS
     
powert
Guest
Status:
Reply With Quote
Dec 27, 2000, 09:49 AM
 
Well it seems our Apache built into OS X has mod ssl already compiled. Just enable it in the apache.conf file, read the mod ssl html manual and u should be able to get started with HTTPS on Darwin.

Works great for me.

Read the mod ssl manual to work out how to create a server key, and self sign to create a certificate for Apache.
(it is:
openssl genrsa -out server.key 1024
openssl req -new -x509 -days 365 -key server.key -out server.crt
)
You need to set the RANDFILE environment variable for a rand seed.

In the apache.conf I added another port (and also did one for 80, it seemed to take over otherwise), and then you must configure the Virtual Host section (at the bottom) to accept the 443 port. You can then do what u like there. I did an <IfModule mod_ssl.c> and within that I put all the necessary parameters (see the modssl manual), in particular one for the random seed as Darwin doesn't have one (/dev/random). In the VH turn on SSL (SSLEngine on) and it should work...

Tim
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Reply With Quote
Dec 29, 2000, 12:38 PM
 
Well Darwin will have /dev/random - somebody's written it already I think.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -5. The time now is 11:21 PM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.7 © 2000-2011, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2