Может кому поможет. Как и все тут я не сразу настроил апач. Чел видимо у кого то неправильно передрал статью и куча букв повылетало. Я тут почитал как под виндой настраивать (http://tud.at/programm/apache-ssl-win32-howto.php3) и слепил все воедино. Вот что вышло. У меня работает.<--! /install/soft/openssl/ssl/openssl.cnf -->
[ CA_default ]
dir = /install/soft/httpd/conf/ssl # Where everything is kept
certs = $dir/ssl.crt # Where the issued certs are kept
crl_dir = $dir/ssl.crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/ssl.crt # default place for new certs.
certificate = $dir/nemesida-ca.pem # The CA certificate
serial = $dir/serial # The current serial number
#crlnumber = $dir/crlnumber # the current crl number must be
# commented out to leave a V1 CR
L
crl = $dir/ssl.crl/nemesida.crl # The current CRL
private_key = $dir/nemesida-ca.key # The private key
RANDFILE = $dir/ssl.key/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
<--! /install/soft/openssl/ssl/openssl.cnf -->
mkdir /install/soft/httpd/conf/ssl
cd /install/soft/httpd/conf/ssl
mkdir ssl.crl
mkdir ssl.crt
mkdir ssl.csr
mkdir ssl.key
openssl req -config /install/soft/openssl/ssl/openssl.cnf -new -x509 -keyout ssl.key/nemesida-ca.pem -out nemesida-ca.pem -days 3650
openssl rsa -in ssl.key/nemesida-ca.pem -out nemesida-ca.key
openssl x509 -in nemesida-ca.pem -out nemesida-ca.crt
touch index.txt
echo '01' > serial
openssl req -config /install/soft/openssl/ssl/openssl.cnf -new -keyout ssl.key/https.asv.kr.ua.pem -out ssl.csr/https.asv.kr.ua.pem
openssl rsa -in ssl.key/https.asv.kr.ua.pem -out https.asv.kr.ua.key
openssl ca -config /install/soft/openssl/ssl/openssl.cnf -policy policy_anything -out ssl.crt/https.asv.kr.ua.pem -infiles ssl.csr/https.asv.kr.ua.pem
openssl x509 -in ssl.crt/https.asv.kr.ua.pem -out ssl.crt/https.asv.kr.ua.crt
openssl ca -gencrl -out ssl.crl/https.asv.kr.ua.pem
<--! /install/soft/httpd/conf/ssl.conf -->
<IfDefine SSL>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/install/soft/httpd/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/install/soft/httpd/logs/ssl_mutex
<VirtualHost _default_:443>
DocumentRoot "/install/servers/www/htdocs/ssl"
ServerName https.asv.kr.ua:443
ServerAdmin asv2001@gmail.com
ErrorLog /install/soft/httpd/logs/error_log
TransferLog /install/soft/httpd/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /install/soft/httpd/conf/ssl/ssl.crt/https.asv.kr.ua.crt
SSLCertificateKeyFile /install/soft/httpd/conf/ssl/https.asv.kr.ua.key
SSLCACertificateFile /install/soft/httpd/conf/ssl/nemesida-ca.crt
SSLCARevocationFile /install/soft/httpd/conf/ssl/ssl.crl/https.asv.kr.ua.pem
<FilesMatch "\.(cgi|shtml|phtml|php|php3?)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/install/servers/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /install/soft/httpd/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
<--! /install/soft/httpd/conf/ssl.conf -->
и наконец ./apachectl startssl
Вариант для распечатки
Разговоры, обсуждение новостей
on 15-Апр-05, 19:25 
