> I looked on the openssl man page but am too dense with commands to
> understand what I need to do..... Ran into problems generating a key
> and CSR for SSL, because the web site is on a server with an old
> Ensim Control Panel. Please someone knowledgeable, give me the
> openssl commands I need to use, after I ssh into the web site, to
> generate a 2048 bit key and csr. TIA and Happy New Year!
>
> "I believe the issue you are having is due to the size of the
> encryption key. The ensim control panel generates a 1024 bit key,
> where the certificate you got was 2048 bits. What you need to do is
> generate a 2048 bit key and csr on your domain. You would need to
> login in to your domain through ssh and generate the files from the
> command line."

It sounds, actually, as though you're talking about Certs for a web
server. In that case, here's the best answer:
<http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutcerts>
which walks you through either creating a self-signed cert, or getting it
ready to obtain a real one.

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On 12/29/2009 11:36 AM, Lanny Marcus wrote:
> I looked on the openssl man page but am too dense with commands to
> understand what I need to do..... Ran into problems generating a key
> and CSR for SSL, because the web site is on a server with an old
> Ensim Control Panel. Please someone knowledgeable, give me the
> openssl commands I need to use, after I ssh into the web site, to
> generate a 2048 bit key and csr. TIA and Happy New Year!
>
> "I believe the issue you are having is due to the size of the
> encryption key. The ensim control panel generates a 1024 bit key,
> where the certificate you got was 2048 bits. What you need to do is
> generate a 2048 bit key and csr on your domain. You would need to
> login in to your domain through ssh and generate the files from the
> command line."
>
> <snip>
This will create one with a passphrase

openssl genrsa -des3 -out mydomain.key 2048
openssl req -new -key mydomain.key -out mydomain.csr


Same put without a passpharse

openssl genrsa -out mydomain.key 2048
openssl req -new -key mydomain.key -out mydomain.csr

Cheers

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Dec 29, 2009 at 12:56 PM, <m.roth@5-cent.us> wrote:
>> I looked on the openssl man page but am too dense with commands to
>> understand what I need to do..... * Ran into problems generating a key
>> and CSR for SSL, *because the web site is on a server with an old
>> Ensim Control Panel. *Please someone knowledgeable, *give me the
>> openssl commands I need to use, after I ssh into the web site, to
>> generate a 2048 bit key and csr. *TIA and Happy New Year!
>>
>> "I believe the issue you are having is due to the size of the
>> encryption key. The ensim control panel generates a 1024 bit key,
>> where the certificate you got was 2048 bits. *What you need to do is
>> generate a 2048 bit key and csr on your domain. You would need to
>> login in to your domain through ssh and generate the files from the
>> command line."
>
> It sounds, actually, as though you're talking about Certs for a web
> server. In that case, here's the best answer:
> <http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutcerts>
> which walks you through either creating a self-signed cert, or getting it
> ready to obtain a real one.

Mark: Thank you for replying. It's a real SSL cert. I found a page
about openssl commands at NCSA at U. Illinois and when I tried an
openssl command that might work, discovered that openssl is not
available to me..... :-) Now awaiting reply from OLM Tech
Support, for more ideas on how to do this, with this old Ensim Control
Panel.... I will check out the URL you gave me. Lanny
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Dec 29, 2009 at 1:05 PM, Dan Carl <danc@bluestarshows.com> wrote:
> On 12/29/2009 11:36 AM, Lanny Marcus wrote:
>> I looked on the openssl man page but am too dense with commands to
>> understand what I need to do..... * Ran into problems generating a key
>> and CSR for SSL, *because the web site is on a server with an old
>> Ensim Control Panel. *Please someone knowledgeable, *give me the
>> openssl commands I need to use, after I ssh into the web site, to
>> generate a 2048 bit key and csr. *TIA and Happy New Year!
>>
>> "I believe the issue you are having is due to the size of the
>> encryption key. The ensim control panel generates a 1024 bit key,
>> where the certificate you got was 2048 bits. *What you need to do is
>> generate a 2048 bit key and csr on your domain. You would need to
>> login in to your domain through ssh and generate the files from the
>> command line."
>>
>> <snip>
> This will create one with a passphrase
>
> openssl genrsa -des3 -out mydomain.key 2048
> openssl req -new -key mydomain.key -out mydomain.csr
>
>
> Same put without a passpharse
>
> openssl genrsa -out mydomain.key 2048
> openssl req -new -key mydomain.key -out mydomain.csr

Dan: Thank you. As I just replied to Mark, when I tried to use the
openssl command, bash responded that it cannot find that command. I
will relay these commands to OLM Tech Support. Maybe they can use the
openssl command, if they log in as root on the server. Lanny
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Lanny:

> discovered that openssl is not available to me

You should be able to do a yum install openssl.
Do you have root access to the server?

Neil

--
Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net
CentOS 5.4 VPS with unmetered bandwidth only $25/month!
No overage charges, 7 day free trial, PayPal, Google Checkout

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

> On Tue, Dec 29, 2009 at 12:56 PM, <m.roth@5-cent.us> wrote:
>> Lanny wrote:
<snip>
>>> "I believe the issue you are having is due to the size of the
>>> encryption key. The ensim control panel generates a 1024 bit key,
>>> where the certificate you got was 2048 bits. *What you need to do is
>>> generate a 2048 bit key and csr on your domain. You would need to
>>> login in to your domain through ssh and generate the files from the
>>> command line."
>>
>> It sounds, actually, as though you're talking about Certs for a web
>> server. In that case, here's the best answer:
>> <http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#aboutcerts>
>> which walks you through either creating a self-signed cert, or getting
>> it ready to obtain a real one.
>
> Mark: Thank you for replying. It's a real SSL cert. I found a page
> about openssl commands at NCSA at U. Illinois and when I tried an
> openssl command that might work, discovered that openssl is not
> available to me..... :-) Now awaiting reply from OLM Tech

You might want to mouse around the server - it could just be that openssl
isn't in your path, which isn't unreasonable for an ordinary user. Check
the man page, and see what it says, or rpm -ql openssl

mark


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Dec 29, 2009 at 1:14 PM, Neil Aggarwal <neil@jammconsulting.com> wrote:

>> discovered that openssl is not available to me
>
> You should be able to do a yum install openssl.
> Do you have root access to the server?

No, the site is on a shared server. I will ask him to install
openssl, if it's not already installed on the server. Thanks!
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Dec 29, 2009 at 1:19 PM, Lanny Marcus <lmmailinglists@gmail.com> wrote:
> On Tue, Dec 29, 2009 at 1:14 PM, Neil Aggarwal <neil@jammconsulting.com> wrote:
>
>>> discovered that openssl is not available to me
>>
>> You should be able to do a yum install openssl.
>> Do you have root access to the server?
>
> No, *the site is on a shared server. *I will ask him to install
> openssl, if it's not already installed on the server. Thanks!
>

It looks like openssl *is* installed on the server, because it is
shown in the services. Apparently, the openssl command is not
available to me to use for my site on this shared server.
OpenSSL Secure Web
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Tue, Dec 29, 2009 at 1:16 PM, <m.roth@5-cent.us> wrote:
>
>> On Tue, Dec 29, 2009 at 12:56 PM, *<m.roth@5-cent.us> wrote:
>>> Lanny wrote:
> <snip>
>>>> "I believe the issue you are having is due to the size of the
>>>> encryption key. The ensim control panel generates a 1024 bit key,
>>>> where the certificate you got was 2048 bits. *What you need to do is
>>>> generate a 2048 bit key and csr on your domain. You would need to
>>>> login in to your domain through ssh and generate the files from the
>>>> command line."

> You might want to mouse around the server - it could just be that openssl
> isn't in your path, which isn't unreasonable for an ordinary user. Check
> the man page, and see what it says, or rpm -ql openssl

Mark: Thank you. openssl *is* shown in the services running, so I am
sure that is the problem, that it is not in my path. I will ask him to
include openssl in my path. Lanny
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Lanny Marcus wrote:
> Mark: Thank you. openssl *is* shown in the services running, so I am
> sure that is the problem, that it is not in my path. I will ask him to
> include openssl in my path. Lanny
>

you control your own path, ~/.bash_profile

or just specify the path to openssl on the command line, the default for
CentOS is /usr/bin/openssl


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos