The package was created by Z. Wagner - Ice Bear Soft, http://icebearsoft.euweb.cz.
SSL module for Apache requires a certificate. The scripts for making a certificate, creating a certification authority and signing certificates are included neither in the distribution of Apache with mod_ssl for OS/2 nor in the version of OpenSSL compiled for OS/2. The user is thus required to obtain the complete distribution of OpenSSL. Moreover, the scripts require UNIX-like shell or Perl and UNIX-like utilities. The user may not have them installed. For these reasons I decided to implement the functions by means of native OS/2 programs. The Rexx programs presented here can generate a server key, create a certificate signing request, establish a certification authority and sign keys.
The programs were created exactly according to the documentation. In fact, most of them
was copied from the FAQ and the signing script was directly translated from
This document is also included in the package sslrexx-dist.zip, it is not necessary to save it.
You can also download a modified package with some improvements and more detailed documentation which was kindly contributed by Michael Warmuth.
The programs from this package may be used and distributed under the terms of GNU General Public License. See COPYING for the text of the license.
The package is signed with PGP 2.6.3 and 5.0. My public keys are included or may also be found in key servers.
The package requires OpenSSL compiled for OS/2. You will also need Apache with mod_ssl.
Both these programs can be downloaded from
http://silk.apana.org.au/apache/. Be sure
openssl.exe resides in a directory listed in
PATH. You must
also have Rexx installed. If you do not have it in your system, install it by Selective
The programs rely on files with long names which may or may not be case sensitive. Be
sure that you run these programs on a file system supporting long file names such as HPFS
or EXT2. Specifically
decrypt.cmd will destroy
the key if it is run on FAT.
cert.cmdgenerates the server key and the certificate signing request. It takes one parameter - the name of the key. If the parameter is not specified, the key is stored in
server.keyand the certificate signing request in
ca.cmdestablishes a certification authority. It generates a key and a self signed certificate. The program requires the name of the key as a parameter. If the parameter is not specified, the key will be stored in
ca.keyand the self signed certificate will be
sign.cmdsigns the certificate signing request. The program requires the CSR file specified as a parameter.
keydecrypt.cmddecrypts the key and stores it in undecrypted form. It requires name of the key as a parameter. The decrypted file has the name with
keydetails.cmddisplays the details of keys, certificates and signing requests. It requires two arguments: the first one specifies the file name, the second one specifies the type which is one of the following:
passchg.cmdis used for changing the pass-phrase. The key file will be stored under the same name.