The package was created by Z. Wagner - Ice Bear Soft,
wagner@mbox.cesnet.cz.
SSL module for Apache requires a certificate. The scripts for making a certificate, creating a certification authority and signing certificates are included neither in the distribution of Apache with mod_ssl for OS/2 nor in the version of OpenSSL compiled for OS/2. The user is thus required to obtain the complete distribution of OpenSSL. Moreover, the scripts require UNIX-like shell or Perl and UNIX-like utilities. The user may not have them installed. For these reasons I decided to implement the functions by means of native OS/2 programs. The Rexx programs presented here can generate a server key, create a certificate signing request, establish a certification authority and sign keys.
The programs were created exactly according to the documentation. In fact, most of them
was copied from the FAQ and the signing script was directly translated from
sign.sh.
This document is also included in the package sslrexx-dist.zip, it is not necessary to save it.
You can also download a modified package with some improvements and more detailed documentation which was kindly contributed by Michael Warmuth.
The programs from this package may be used and distributed under the terms of GNU General Public License. See COPYING for the text of the license.
The package is signed with PGP 2.6.3 and 5.0. My public keys are included or may also be found in key servers.
The package requires OpenSSL compiled for OS/2. You will also need Apache with mod_ssl.
Both these programs can be downloaded from
http://silk.apana.org.au/apache/. Be sure
that openssl.exe resides in a directory listed in PATH. You must
also have Rexx installed. If you do not have it in your system, install it by Selective
Install.
The programs rely on files with long names which may or may not be case sensitive. Be
sure that you run these programs on a file system supporting long file names such as HPFS
or EXT2. Specifically passchg.cmd and decrypt.cmd will destroy
the key if it is run on FAT.
cert.cmd generates the server key and the certificate signing request. It
takes one parameter - the name of the key. If the parameter is not specified, the key is
stored in server.key and the certificate signing request in
server.csr.
ca.cmd establishes a certification authority. It generates a key and a
self signed certificate. The program requires the name of the key as a parameter. If the
parameter is not specified, the key will be stored in ca.key and the self
signed certificate will be ca.crt.
sign.cmd signs the certificate signing request. The program requires the
CSR file specified as a parameter.
keydecrypt.cmd decrypts the key and stores it in undecrypted form. It
requires name of the key as a parameter. The decrypted file has the name with
.unsecure appended.
keydetails.cmd displays the details of keys, certificates and signing
requests. It requires two arguments: the first one specifies the file name, the second one
specifies the type which is one of the following:
passchg.cmd is used for changing the pass-phrase. The key file will be
stored under the same name.