Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: beast on December 31, 2009, 04:14:09 PM
-
Hi All
First of all I like you all to have a happy new year 8-)
I have ruined my SSL system somehow and like to get the default behavior back. I tried to get it back to normal by deleting SSH files etc. (know it is dangerous). Then I ended up with a working system, the only problem was that I had a cron job starting the key generation:
/etc/cron.daily/conf-mod_ssl:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:State or Province Name (full name) [Berkshire]:Locality Name (eg, city) [Newbury]:Organization Name (eg, company) [My Company Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []:
What this script does is to exec expand-template /home/e-smith/ssl.pem/pem
when I try to execute "sh conf-mod_ssl" it shows the same text and return me right to the prompt. When I write "expand-template /home/e-smith/ssl.pem/pem" directly at the command line is terminate the current session (exit putty)!
How do I get this script to run properly so I do not have to verify a new SSL key every day when I access for example server-manager.
Thank you in advance!
-
beast
I have ruined my SSL system somehow and like to get the default behavior back. I tried to get it back to normal by deleting SSH files....
ssl & ssh have nothing to do with each other, ssl relates to certificates, ssh relates to (usually) command line access to your server.
As you have not told us what your original problem was, what you deleted, and what was fixed, then we need to guess.
It sounds like your system is regenerating the self signed certificate, which it will automatically do once every year on the anniversary of the install date. Something has gone wrong obviously.
How do I get this script to run properly so I do not have to verify a new SSL key every day when I access for example server-manager.
I suggest the following & report if successful or not:
rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
signal-event post-upgrade
signal-event reboot
Replace the filenames with the names applicable to your server
You don't say if you have commercial or alternative certificates configured, so there may be more to do.
What does this command show
config show modSSL
I suggest you go to the Howto section (link is at top of forums) and read the various Certificate Howtos.
-
When I write "expand-template /home/e-smith/ssl.pem/pem" directly at the command line is terminate the current session (exit putty)!
Really? Are you sure that you didn't type:
exec expand-template /home/e-smith/ssl.pem/pem
Anyway, you should follow Mary's advice.
-
Mary's advice did not seam to change anything (have also tried that in the past).
I have not tested if I need to approve a new certificate each day but exec expand-template /home/e-smith/ssl.pem/pem still exit putty!
The output of config show modSSL is:
modSSL=service
CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
TCPPort=443
access=public
status=enabled
-
I have not tested if I need to approve a new certificate each day but exec expand-template /home/e-smith/ssl.pem/pem still exit putty!
"exec expand-template /home/e-smith/ssl.pem/pem" will always exit putty, as will "exec ls". Do some study on exec, and stop using it where not appropriate.