# mod_ssl key locations?

## Naughtyus

I can't seem to figure out how to get my own openssl keys to work in mod_ssl.  All I should really have to do is copy the keys to the dir that mod_ssl will look in, right?  (What dir might that be?)

----------

## rac

 *Naughtyus wrote:*   

> (What dir might that be?)

 

Is /etc/apache/conf/ssl what you are looking for?

----------

## Naughtyus

It was.. But it turns out I'm also looking for server.csr - or how to create it  :Sad: 

( from the manual: 

Now you can use this CA to sign server CSR's in order to create real SSL Certificates for use inside an Apache webserver (assuming you already have a server.csr at hand): 

$ ./sign.sh server.csr

)

----------

## rac

 *Naughtyus wrote:*   

> I'm also looking for server.csr - or how to create it 

 

Would /usr/lib/ssl/mod_ssl/gid-mkcert.sh be of some assistance?

----------

## Naughtyus

It most certainly would - thanks!

Now.. I assume I must still have missed something (of course..).  I've created and signed my certificates and keys, and moved them to /etc/apache/lib/ssl/mod_ssl  as well as /conf/ssl

as well as ca.db.certs.  I've overwritten &/or renamed all of the old files.  For some reason though, Apache is still using the 'test' key/certs...

----------

## rac

 *Naughtyus wrote:*   

> Apache is still using the 'test' key/certs...

 

Hmm.  Strange.  I'm assuming you restarted Apache.  Could you double-check that the key files it's looking for as specified in /etc/apache/conf/vhosts/ssl.default-vhost.conf are the ones you want it to be looking for?  If you get frustrated, maybe 

```
# strace -eopen -f apache -X
```

 will tell you what files Apache is really trying to open.

----------

## Naughtyus

Amazing response time.  :Smile: 

Checking that right now

----------

## Naughtyus

 :Very Happy: 

That got it!

Thank you very much for helping me out!

----------

