[regression] apache2-ssl-certificate has gone missing since feisty

Bug #77675 reported by Matt Galvin on 2007-01-02
This bug affects 2 people

Affects: apache2 (Debian) | Status: Fix Released | Importance: Unknown
Affects: apache2 (Ubuntu) | Importance: Wishlist | Assigned to: Unassigned
Declined for Feisty by Henrik Nilsen Omma
Declined for Gutsy by Henrik Nilsen Omma

Bug Description

Binary package hint: apache2

Enabling SSL/TLS encryption for Apache is difficult.

apache2-ssl-certificate is nowhere to be found once apache2 is installed as of feisty. Still broken in Hardy Beta.

lithorus (lithorus) wrote :

/usr/share/apache2/ssleay.cnf and the directory /etc/apache2/ssl is also missing.

burgerbee (bigge) wrote :

Tested to confirm, and it's missing in Herd 5 as well.

Paul Williams (pwill) wrote :

Confirmed, and marked as confirmed.
This is critical for people that need SSL on their servers.
Of course there are other ways to generate ssl cert files, but this is by far the easiest.

Changed in apache2:
status: Unconfirmed → Confirmed
speeves (speeves) wrote :

I have generated the build diff.gz (apache2_2.2.3-3.2build1.diff.gz) for apache2_2.2.3-3.2build1_all.deb, which includes the apache2-ssl-certificate, ssleay.cnf, and modified rules file to push these files out into their proper locations, (per the apache2 (2.0) deb package). The easiest way to use this, (until it is applied to the apache2 (2.2) source package) is to:

1. sudo apt-get build-dep apache2
2. sudo apt-get source -d apache2 (download only mode)
3. sudo cp path/to/apache2_2.2.3-3.2build1.dsc path/to/apache2_2.2.3-3.2build1.diff.gz .
(replace the existing diff.gz and .dsc with the files I have attached)
4. dpkg-source -x apache2_2.2.3-3.2build1.dsc
5. cd apache2-2.2.3
6. fakeroot debian/rules binary
7. sudo dpkg -i ../*.deb (modify to install the correct deb packages for your installation)

The apache2-ssl-certificate script is in:
apache2.2-common_2.2.3-3.2build1_amd64.deb

Obviously, these attachments are amd64 specific, but the changes that I made are platform agnostic, so someone with i386, etc., should be able to apply the same changes to their platform. I'll upload the modified files as well, to help facilitate this.

maxwas (maxwas) wrote :

The same problem exists in 6.10 edgy.

I have just done a default LAMP install on ubuntu server - all fine.

On Ubuntu I did a manual install of apache2 (and associated friends); the command 'apache2-ssl-certificate' returns 'bash: apache2-ssl-certificate: command not found'

Changed in apache2:
status: Unknown → Unconfirmed
Luke Maurer (luke-maurer) wrote :

So, I take it Feisty is shipping with this bug still open? There're gonna be a lot of people wondering why all the Apache2/SSL tutorials are broken ...

Joachim Davain (joachim-davain) wrote :

Tested to confirm, and it's missing in the final release 5 as well.

Paul Williams (pwill) wrote :

I think the Apache package manager stopped paying attention. It's a very simple fix.

Áron Sisak (asisak) on 2007-04-23
Changed in apache2:
importance: Undecided → Medium

I have the same problem... Is it going to be fixed soon?

I can confirm this one too!!!

It is also missing in Kubuntu 7.04 final.

speeves (speeves) wrote :

Confirmed. Against all wise logic I SHOULD have had, I upgraded the Dapper server I was maintaining at work to Edgy, then Feisty. And when I was to re-certify it for WebDAV/SSL, "command not found". If speeves' patch won't work for me, I will be reinstalling Dapper; I just can't spend too much time fixing this since it is an important server. I hope the importance of this bug is escalated, since I think that there are probably guys out there who need SSL for work as well. I hope this is fixed soon.

Matti Lindell (mlind) wrote :

You can grab ssleay.cnf and apache2-ssl-certificate from Edgy's apache2 version.

I hope this workaround works for people who are bothered by this issue. Extract the package and put ssleay.cnf in /usr/share/apache2/ and apache2-ssl-certificate in /usr/sbin.
Create /etc/apache2/ssl directory. Then apache2-ssl-certificate script should work.

speeves (speeves) wrote :

Though this bug makes more work for us, it is not show-stopper. We can always make the ssl certificates in the old-fashioned way as described here:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28

Just modify your ssl vhost conf to point to the key and crt files that you create, and you should be good to go.

Luís Pereira (luispereira) wrote :

The solution proposed by mlind works.

Matti Lindell (mlind) wrote :

I'm attaching a patch against feisty's apache2 (2.2.3-3.2build1) which adds the ssl-certificate script back from Edgy's apache2. For some reason, lintian overrides were also dropped in the 2.0 --> 2.2 transition, so I decided not to include one for apache2-ssl-certificate like there was in Edgy.

I guess we should try to get this in gutsy first.

I have also just discovered that this script is missing when I was trying to follow an SSL tutorial. For people who want quick SSL setup, this script was great! A real certificate is best, but if you don't want to spend money but DO want to secure web traffic, then a self-signed certificate works great. Please add this back into the apache package.

Malthe Borch (mborch) wrote :

I find that htpasswd2 is also missing from /usr/sbin. Could it be related?

Malthe wrote:
> I find that htpasswd2 is also missing from /usr/sbin. Could it be
> related?
>
Hi Malthe,

Can you open a new bug for htpasswd2? That would help us to track these
issues separately.

thanks,

--
Shannon Eric Peevey
<email address hidden>
http://speeves.erikin.com

Malthe Borch (mborch) wrote :

Done.

On 28/05/07, speeves <email address hidden> wrote:
> Malthe wrote:
> > I find that htpasswd2 is also missing from /usr/sbin. Could it be
> > related?
> >
> Hi Malthe,
>
> Can you open a new bug for htpasswd2? That would help us to track these
> issues separately.
>
> thanks,
>
> --
> Shannon Eric Peevey
> <email address hidden>
> http://speeves.erikin.com
>

--
--=====================--
  mail: <email address hidden>
  homepage: zeitmaschine.dk
--=====================--

@Malthe

In edgy, /usr/bin/htpasswd2 is a symlink pointing to /usr/bin/htpasswd.
Feisty and gutsy have the latter one (but not the symlink).

speeves (speeves) wrote :
Soren Hansen (soren) wrote :

I'm rejecting this bug, as the ssl-cert package provides make-ssl-cert and also usr/share/ssl-cert/ssleay.cnf.

If you feel that this is not sufficient, feel free to reopen this bug.

Changed in apache2:
assignee: nobody → shawarma
status: Confirmed → Rejected
speeves (speeves) wrote :

Hi Soren,

I see that apache-ssl (apache 1.3) depends on ssl-cert, but it doesn't seem that apache2 has it as a dependency? Do you know which package depends on it?

thanks,
speeves

Hansch (hansch) wrote :

I have the same problem on Debian Sarge which has the latest Apache package (2.2.3) installed. Of course there are many ways to create ssl certificates, but many howto's mention the use of apache2-ssl-certificate, which are now rendered unusable. Of course, for a die-hard Debian user this poses few problems, but it might make installing an ssl-enabled (testing) website very annoying for others. Can you reopen the bug? Thanks.

Matti Lindell (mlind) wrote :

reopened as requested.

Changed in apache2:
importance: Medium → Wishlist
status: Invalid → Confirmed
assignee: shawarma → nobody

On 7/20/07, mlind <email address hidden> wrote:
>
> reopened as requested.
>
> ** Changed in: apache2 (Ubuntu)
> Importance: Medium => Wishlist
> Status: Invalid => Confirmed

I realize that we may need to wait for this to be fixed in the Debian
package upstream, but I believe this to be of more importance than
"wishlist". In essence, there is no reference or dependency to the ssl-cert
package, leaving many users in the dark about this issue. At this point, if
we are to handle this in Ubuntu, (as opposed to waiting for the fix
upstream), we have a couple of options:

1. Use the patch that I have submitted above and add apache2-ssl-certificate
back into the apache2 package itself.
2. add the ssl-cert package as a dependency to the apache2 package, and
upload that version.
3. add documentation to the README.Debian which states the issue and how to
resolve it

I recommend either 1 or 2, (2 is preferred, since it is the direction chosen
by the upstream maintainers), but 3 is an acceptable interim option. All
options would diverge the Apache2 package in Ubuntu from the Debian
upstream... I will be happy to provide a patch for either 2 or 3, but want
to see what works best for everyone. (1 is already available above).

thanks,
--
Shannon Eric Peevey
<email address hidden>
http://speeves.erikin.com

speeves (speeves) wrote :

BTW, when checking out the changes in ssl-cert dependencies, I found these
related bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=230791+
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=231726+

They seem rather old, and it is possible that ssl-cert has fixed its ways
:) And, here are the related entries in the debian/changelog file:
apache2 (2.0.48-8) unstable; urgency=low
  * Disable ssl-cert until it sucks less. related to 230791 (closes:
#231726)
apache2 (2.0.48-5) unstable; urgency=low
    - Call ssl-cert to generate an SSL cert using debconf (closes: #178322)
apache2 (2.0.48-1) unstable; urgency=low
    - Add dependency on ssl-cert (Closes: #177837)

My take on this seems to point to a reinclusion of the
apache2-ssl-certificate into the source package, if ssl-cert is not a
satisfactory dependency...

If my patch above need only be modified for i386, let me know and I will
build an i386 vm to create the more popular architecture patch...

thanks,

--
Shannon Eric Peevey
<email address hidden>
http://speeves.erikin.com

I think that this bug should be solved quickly. All the proposed workarounds do not work.

make-ssl-cert lacks a -days option. Hence, it issues a certificate for only one month.
I don't want to change my servers' certificates every month!

The old-fashioned way with mod-ssl: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 is fairly complicated if you want to issue a self-signed certificate. Furthermore, there are missing scripts in the actual package (sign.sh for example).

If you find a simple workaround for issuing a simple self-signed certificate valid for one year or more, I'll be very grateful!

The workaround at https://launchpad.net/ubuntu/+source/apache2/+bug/77675/comments/4 worked fine for me. I built the package, extracted the ssleay.cnf file and placed it at /usr/share/apache2/ssleay.cnf and extracted the apache2-ssl-certificate and put it at /usr/sbin/apache2-ssl-certificate. I also manually created the /etc/apache2/ssl directory. That let me generate the /etc/apache2/ssl/apache.pem file containing both the key and the certificate. After properly configuring the apache server to work with the certificate it seemed to run fine.

acacha (sergi-tur) wrote :

You could use make-ssl-cert from package ssl-cert instead of apache2-ssl-certificate. I have a tutorial (sorry, it is in Catalan) at:

http://acacha.dyndns.org/mediawiki/index.php/Apache#Creaci.C3.B3_del_certificat

On 10/16/07, acacha <email address hidden> wrote:
> You could use make-ssl-cert from package ssl-cert instead of
> apache2-ssl-certificate. I have a tutorial (sorry, it is in Catalan) at:
>
> http://acacha.dyndns.org/mediawiki/index.php/Apache#Creaci.C3.B3_del_certificat
>
It still seems to me that the best solution is in my comment above:
<snip>
I realize that we may need to wait for this to be fixed in the Debian
package upstream, but I believe this to be of more importance than
"wishlist". In essence, there is no reference or dependency to the
ssl-cert package, leaving many users in the dark about this issue. At
this point, if we are to handle this in Ubuntu, (as opposed to waiting
for the fix upstream), we have a couple of options:

1. Use the patch that I have submitted above and add
apache2-ssl-certificate back into the apache2 package itself.
2. add the ssl-cert package as a dependency to the apache2 package,
and upload that version.
3. add documentation to the README.Debian which states the issue and
how to resolve it

I recommend either 1 or 2, (2 is preferred, since it is the direction
chosen by the upstream maintainers), but 3 is an acceptable interim
option. All options would diverge the Apache2 package in Ubuntu from
the Debian upstream... I will be happy to provide a patch for either
2 or 3, but want to see what works best for everyone. (1 is already
available above).
</snip>

Let me see if I can get a Debian Maintainer to sponsor a patch to
include ssl-cert as a dependency in the Debian package upstream.

thanks,

--
Shannon Eric Peevey
<email address hidden>
http://speeves.erikin.com

Mathias Gug (mathiaz) on 2007-11-27
Changed in apache2:
status: Confirmed → Triaged

*bump*

the script is still missing in hardy. have any workarounds been implemented since this bugreport was opened?

mathieubll (mathieu-mangeot) wrote :

My workaround was the following:

As I'm also using Debian, I wanted a workaround for both Ubuntu and Debian (my problem is basically the lack of a duration option in the make-ssl-certs script).
I wanted to create a new clean version of the make-ssl-certs script with a -days option but was not able to do so.
I finally hardcoded (or modified by hand) the make-ssl-certs script in order to add the -days 365 option to the openssl req command.

fuelrod (danielhodder) wrote :

I can confirm this also but what I want to know is why has this been declined for release twice (Gutsy and Feisty).

Please, open a new bug so that we can track this separately.

thanks,
speeves

On 2/8/08, fuelrod <email address hidden> wrote:
> I can confirm this also but what I want to know is why has this been
> declined for release twice (Gutsy and Feisty).
>

--
Shannon Eric Peevey
<email address hidden>
http://speeves.erikin.com

Still missing on Ubuntu 7.10 server with Apache2 2.2.4... That's not good, as it makes internal servers unsecure...

Nick Barcet (nijaba) wrote :

I think that the documentation at https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration is quite clear on how to generate a self signed certificate, so I do not understand why we would need apache2-ssl-certificate?

I went and corrected all references to it on http://www.google.com/search?q=site%3Ahelp.ubuntu.com+apache2-ssl-certificate so that this should not bug users anymore.

I think we can close this bug unless someone objects to that.

On 3/20/08, Nick Barcet <email address hidden> wrote:
>
> I think that the documentation at
> https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration is
> quite clear on how to generate a self signed certificate, so I do not
> understand why we would need apache2-ssl-certificate?

Would it be possible to put a link to that documentation in the
README.Debian? I think that would be sufficient, as it looks like ssl-cert
is now a deprecated process as well...

Why not make it easier for users, specially the casual home user who wants to setup a secure web server, by providing him a script that actually does the job? Nothing beats more documentation than an actual tool that does the job for the user. If the script already existed, why not bring it back?

This script is particularly useful when someone comes from another distribution (such as Fedora) and migrates his stuff to Ubuntu. It saves the user the task of searching the web on how to generate it.

George (gapop) wrote :

Nick,

There are many useful tutorials on the Web on how to install a secure server on Ubuntu which make reference to that script. Why leave people who are learning with a broken tutorial? Following your reasoning, one could ask why do we need most of the GUI in the Ubuntu desktop, since you can do the same from the command line.

Someone took the time to report the bug because they were upset by the script's disappearance. Two dozen people have subscribed to the bug because they care. Please reconsider closing this bug.

George

I actually feel a link to Nick's documentation at:
https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration

Or, the same information in the README.Debian, (which I think is a better
location, (for people without internet connections, etc.)),

is sufficient to close this bug, per this entry in the apache source
debian/changelog:
changelog: * Disable ssl-cert until it sucks less. related to 230791
(closes: #231726)

If ssl-cert is a non-stable, or doesn't work as expected, then we definitely
need to rely on the tools that will work for every situation. (ie openssl).

See my comments for other alternatives to Nick's solution:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/77675/comments/4
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/77675/comments/29

I am available to update my patches, etc. from comment 4, if that seems to
be the best idea, (if someone will sponsor the upload).

All of this would be vaguely tolerable if, of course, you could easily create a self signed cert using the ubuntu openssl package, as elucidated here :

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28

However, the current feisty dist doesn't include the needed signing script sign.sh from the source dist, at least not that I could see.

You can however, find the script here : http://www.opensourcehowto.org/how-to/apache/setup-apache2-with-openssl.html

(referenced for anyone else trying to do this !)

Broken in Hardy Beta. This seems to be a regression: in earlier Ubuntus, cert was generated automatically.

Details of Hardy setup and tests done http://myy.helia.fi/~karte/ubuntu_hardy_8.04.html#encrypted_tls_https_connections_difficult

description: updated
maraja (ugo-grandolini) wrote :

setup

   1. sudo apt-get install apache2
   2. sudo apt-get install openssl
   3. sudo apt-get install ssl-cert

create ssl certificate:
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/localhost.pem

switch to apache sites configuration:
cd /etc/apache2/sites-available/

back up the default configuration:
sudo cp default default.backup.date

be sure to listen on port 80 for the default:
sudo sed -i '1,2s/\*/*:80/' default

create the ssl configuration:
sudo cp default ssl

set the ssl port:
sudo sed -i '1,2s/\*:80/*:443/' ssl
sudo sed -i "3a\\\tSSLEngine On\n\tSSLCertificateFile /etc/ssl/private/localhost.pem" ssl

enable ssl:
sudo a2ensite ssl
sudo a2enmod ssl

restart apache2:
sudo /etc/init.d/apache2 restart

=)

Thanks maraja, I'll try it out.

Could this process be packaged so that it would only require a single command?

maraja (ugo-grandolini) wrote :

Taro,

I guess so but I do not know how to do it =/

If anyone is going to create a .deb out of it, he should consider that the user may only need one (or two, or all) of the initial setup steps.

Changed in apache2:
status: New → Fix Committed
Changed in apache2:
status: Fix Committed → Fix Released
Chuck Short (zulcss) wrote :

This has been fixed for intrepid. Thanks for the bug report.

Regards
chuck

Changed in apache2:
status: Triaged → Fix Released

Hi,

Seems that this is confirmed to be fixed in the current Ubuntu release 8.10 (Intrepid Ibex)...
Anyway, here are still my two cents for testing Hardy (8.0.4); I cannot quite get the self-signed certificate working according to the instructions by maraja https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/77675/comments/47

Sure, the steps can be done successfully, i.e. ssleay.cnf is available and all, but when testing https, an error is thrown:

$ curl https://localhost
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
...
$ firefox https://localhost
"Secure Connection Failed"-page is thrown saying, that certificate is not trusted.

Detailed testing steps described in http://koti.mbnet.fi/deka/ubuntu

Regards,
Mika
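
An added example, not part of any comment in this thread: the two problems raised above, make-ssl-cert having no -days option and curl error 60 on a self-signed certificate, handled with the plain openssl CLI. Function names, file names and the CN are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread). Function names, file names and the
# CN are illustrative assumptions; only the openssl CLI is required.

# make_selfsigned OUT.pem COMMON_NAME DAYS
# Writes private key + certificate into one PEM file (the layout used for
# /etc/apache2/ssl/apache.pem in the thread) with an explicit lifetime.
make_selfsigned() {
    out=$1; cn=$2; days=$3; rc=0
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 2 ;;
    esac
    work=$(mktemp -d) || return 1
    old_umask=$(umask)
    umask 077                      # key material is never group/world readable
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
        -days "$days" -subj "/CN=$cn" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null || rc=$?
    if [ "$rc" -eq 0 ]; then
        { cat "$work/key.pem" "$work/cert.pem" > "$out" && chmod 600 "$out"; } || rc=$?
    fi
    rm -rf "$work"
    umask "$old_umask"
    return "$rc"
}

# still_valid_in PEM DAYS: succeeds if the certificate has not expired DAYS from now.
still_valid_in() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# export_cert COMBINED.pem CERT_ONLY.pem
# The file handed to clients as a trust anchor holds the certificate only,
# never the private key.
export_cert() {
    openssl x509 -in "$1" -out "$2"
}

# trusted_by CERT ANCHOR: succeeds only if CERT verifies against ANCHOR.
# A client that lacks the anchor fails here, which is what curl error 60 reports.
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d/apache.pem" localhost 365 &&
    export_cert "$d/apache.pem" "$d/localhost.crt" &&
    still_valid_in "$d/apache.pem" 300 &&
    trusted_by "$d/localhost.crt" "$d/localhost.crt" &&
    echo "certificate OK; clients can pin it: curl --cacert localhost.crt https://localhost"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```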

enedene (enedene) wrote :

It's not working in 9.04 Jaunty.

Conor Gallagher (cjbooms) wrote :

I can also confirm that it is not working in Jaunty. I've wasted a lot of time jumping from tutorial to tutorial to finally find the above thread. I'm planning on exploring the other options but this is really going to frustrate anyone starting out with SSL.

aaron (aeichler) on 2009-10-09
Changed in apache2 (Ubuntu):
status: Fix Released → Confirmed
status: Confirmed → Fix Released
ossie (ossie) on 2010-01-13
Changed in apache2 (Ubuntu):
status: Fix Released → In Progress
Mathias Gug (mathiaz) wrote :

Please don't change the status of a bug without giving an explanation.

Changed in apache2 (Ubuntu):
status: In Progress → Fix Released
moncefioce (moncefbouallagui1) wrote :

I don't know

Kumar (kumarldh) wrote :

Hi,

The bug exists in Karmic. I just tried to run the command:
kumar@kumar:~$ apache2-ssl-certificate
apache2-ssl-certificate: command not found

This may not stop anyone determined from creating certificates, but it's still an issue.

Changed in apache2 (Ubuntu):
status: Fix Released → Confirmed
QQ Some More (qqsomemore) wrote :

Found this issue by following a tutorial that used apache2-ssl-certificate as others mentioned. Started at 8.04 and upgraded up to 9.10 checking if apache2 would include the script at each step along the way. No luck.

I'm glad I found this discussion explaining the issue with posts to other tutorials for making the cert. However until I did it was pretty confusing to be missing the script while the tutorials were saying it should be part of the apache2 package. I realize that in general you don't want to design packages based on someone overgeneralizing in an install guide but the script sounds useful and if it's a good fit on the Ubuntu side including it would clear up some confusion for people that end up in the same situation.

Chuck Short (zulcss) wrote :

This has been fixed for a while now.

chuck

Changed in apache2 (Ubuntu):
status: Confirmed → Fix Released
2GooD (david+launchpad) wrote :

@Chuck Short: If this is fixed, where is the apache2-ssl-certificate script? I can't find it:

http://packages.ubuntu.com/search?searchon=contents&keywords=apache2-ssl-certificate&mode=filename&suite=lucid&arch=any

"You have searched for filenames that contain apache2-ssl-certificate in suite lucid, all sections, and all architectures.

Sorry, your search gave no results"

gl1176 (gl76) wrote :

The way to do this has changed. The procedure is still simple for a self signed ssl cert.

The following is the correct way:

apt-get install apache2
a2enmod ssl
a2ensite default-ssl
make-ssl-cert generate-default-snakeoil
/etc/init.d/apache2 restart

You can find this in the following doc under SSL:
/usr/share/doc/apache2.2-common/README.Debian.gz

flindeberg (flindeberg) wrote :

Just want to point out that often a force is required when making a new ssl-cert for proper functionality.

 make-ssl-cert generate-default-snakeoil --force-overwrite

I'm guessing most people who have googled this bug have had some form of certificate before, so forcing an overwrite is usually a good idea since neither the internet nor your hosts file are static.. =P

But as gl1176 mentioned, check out the readme /usr/share/doc/apacheX.X-common/README.Debian.gz .

speeves (speeves) wrote :

This is a question. We should close this as a bug now.

Changed in apache2 (Ubuntu):
assignee: nobody → speeves (speeves)
speeves (speeves) wrote :

Marking

Changed in apache2 (Ubuntu):
status: Fix Released → Invalid
assignee: speeves (speeves) → nobody
mmm (mariuszschumann) on 2016-01-31
Changed in apache2 (Ubuntu):
status: Invalid → Fix Released