[Debian-sf-devel] Quick fix to apache-modssl for SF2.6

[Jeremy Gwinnup]

Hey all,

I spent some time yesterday fighting to get apache+modssl to work
properly during the sourceforge install, so I want to share what I
did...

When I did the first clean install off of Christian's SF2.6-0+5 package,
it bombed when trying to restart apache... I poked around the logs, and
I found that apache was complaining about the certificate in the apache
error log:

[Mon Jan 28 17:39:17 2002] [error] mod_ssl: Init: Unable to read server
certificate from file /etc/apache/ssl.crt/server.crt (OpenSSL library
error follows)
[Mon Jan 28 17:39:17 2002] [error] OpenSSL: error:0D09F007:asn1 encoding
routines:d2i_X509:expecting an asn1 sequence

So I poked around a little more, and I found that the default package
certificate is usually junk, so I dug up instructions on how to make a
new one. Here's what I did (mostly):

1. cd /etc/apache
2. openssl req -new > server.csr
   - make sure you enter a passphrase, it can be removed later
   - Enter certificate info.... location, contact, email, etc
   - Enter return at the challenge password prompt
3. openssl rsa -in privkey.pem -out server.key
   - Enter passphrase from above
4. openssl x509 -in server.csr -out server.crt -req -signkey server.key
-days 365
5. cp server.crt ssl.crt/
6. cp server.key ssl.key/
7. apachectl start
   - make sure apache likes the new cert
8. dpkg --configure sourceforge
   - to resume sourceforge configuration

Let me know if you have problems with this recipe... It's still a work
in progress :)

-Jeremy

-- 
Jeremy Gwinnup
Software/Systems Engineer
Veridian Engineering
phone: (937) 255-1116 x2660
fax:   (937) 255-1100
email: address@hidden