[Gloucs] Snort!

Iain Calder gloucs at mailman.lug.org.uk
Fri Apr 4 22:34:01 2003


Jill Tovey wrote:

> For some reason my email messages always get caught by the spam 
> filter, only to arrive a few days out of sync with everyone else, so 
> apologies if my messages are appearing not to make sense!
>
> Anyway,
>
> after fiddling about with curl, I have now moved on to this error:
>
> curl: (35) SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> According to the curl help file,
> If I type
> curl -k/--insecure it will "Allow curl to connect to SSL sites 
> without certs (H)"
>
> Which would seem to be what I want!
> However, on typing that it just says
>
> curl: option -k/--insecure is unknown
>
> I am currently looking for good guides to create my own certificate. 

Hi Jill, not sure if you need to generate a client certificate or a 
server certificate, but if it's a server certificate then it's quite 
easy using openssl.  All you need to do is:

/usr/bin/openssl genrsa -out ssl.key 1024

to generate a private key, and then:

/usr/bin/openssl req -new -x509 -days 365 -key ssl.key -out ssl.cert

to generate a certificate using the key.  When you run the second 
command you will be asked a series of questions which will look 
something like the following:

Country name [GB]
State or Province Name (full name) [Gloucestershire]:
Locality Name (eg, city) [Gloucester]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []: snort
Common Name (eg, your name or your server's hostname) []:
Email Address []:iain.calder@blueyonder.co.uk

You will then need to copy ssl.key and ssl.cert to wherever they are 
needed, e.g. for Apache certificates this will be somewhere under 
/etc/httpd/conf/ - just check what the 'SSLCertificateFile' and 
'SSLCertificateKeyFile' directives in httpd.conf are expecting.

Iain
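
Added example, not part of the message above: the same two openssl commands run without prompts, followed by checks that the key and certificate belong together, that the Common Name is the host clients will connect to, and that the certificate verifies when used as its own CA file. The host name snort.example.test, the subject fields, the 2048-bit key size and the helper function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (constructed values): non-interactive key + self-signed cert,
# then checks on the result. Host name and subject fields are assumptions.

# make_cert DIR HOST: writes DIR/ssl.key and DIR/ssl.cert
make_cert() {
    dir=$1 host=$2
    command -v openssl >/dev/null 2>&1 || return 127
    (
        umask 077    # private key readable by its owner only
        openssl genrsa -out "$dir/ssl.key" 2048 2>/dev/null
    ) || return 1
    # -subj answers the prompts; CN must be the name clients connect to
    openssl req -new -x509 -days 365 -key "$dir/ssl.key" \
        -out "$dir/ssl.cert" -subj "/C=GB/O=Example/OU=snort/CN=$host" 2>/dev/null
}

# key_matches_cert DIR: true when the cert carries the key's public half
key_matches_cert() {
    from_key=$(openssl pkey -in "$1/ssl.key" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$1/ssl.cert" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# cert_names_host DIR HOST: true when the cert is valid for HOST
cert_names_host() {
    openssl x509 -in "$1/ssl.cert" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# trusts_itself DIR: a self-signed cert verifies when it is its own CA file,
# the same trust decision a client makes when handed the cert explicitly
trusts_itself() {
    openssl verify -CAfile "$1/ssl.cert" "$1/ssl.cert" >/dev/null 2>&1
}

# Run as "sh script.sh demo" to generate a pair in a temp dir and check it
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_cert "$d" snort.example.test &&
        key_matches_cert "$d" && cert_names_host "$d" snort.example.test &&
        trusts_itself "$d" && echo "checks passed: $d"
fi
```

A client that is given the certificate with curl --cacert ssl.cert keeps certificate verification switched on, which -k/--insecure does not.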