Can't make an encryption key and server certificate by following the 12.3 reference guide

Hello. I don’t seem to have some software installed that the OpenSuse 12.3 reference page regarding the installation and configuration of Apache and PHP seems to assume that I do have. It says to install the software pattern for LAMP, but when I did it didn’t install Apache , but did install most parts of PHP except for mod_PHP5. It’s probably because I just casually followed the reference guide the first time I tried installing the software: only installing the things I knew I actually needed rather than just installing the entire pattern. So when the guide started talking about using Yast to configure Apache and configuring virtual hosts–two things that I have zero experience of doing–it wasn’t long before I inevitably messed it all up and had to start again. I assume that the fact they weren’t reinstalled as part of the pattern must have been something to do with my initial abortive attempt to just install only what I wanted.

So anyway, I’m doing much better this time by doing what the guide says even when I’m thinking “but I’m not going to use that/don’t want to do that”, but I still can’t get SSL working. I’m interested in making a self-signed X509 certificate so I start to follow the steps in section 20.6.1.2. It says.

However , when I cd into the directory indicated and issue the command, my web host complains that it hasn’t got a clue what mkcert is.

I tried searching for mkcert.sh with Yast but I didn’t find anything. Can anyone help? I’m reluctant to just make a key and certificate and manually update the config files myself because everything seems less straight-forward than if I’d just compiled everything from source and made minor tweaks to the default config. I get the feeling I’ll just break something again if I try to do things how I used to years ago. I had a bit of a try before giving up and just reinstalling last time. It just kept saying in the log file that the SSL session cache wasn’t configured any time I tried to use https. Even though (as far as I could tell anyway) that it was.

IMO the documentation is out of date.
Guess what? - You can submit a bug at bugzilla.novell.com and get some credit for discovering this bug! Use the same login credentials you used to post to this Forum.

Now, what you <should> do…

To my eye, this Ubuntu guide looks good with some minor modifications
https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04

Note that you need to install openssl, you can do this from a root console as follows

zypper in openssl
  • Install apache using the LAMP pattern. IMO it’s likely apache was installed but you didn’t know how to find it (eg is referenced with “apache2” not “apache”)
  • You must manually start and enable the service after installation. You can do this going into YAST System Init Services in Advanced Mode or execute the following from a root console

systemctl enable apache2.service
systemctl start apache2.service

Since I’m only recommending the ubuntu guide by eye and not actually stepping through the steps in a real install, if you do find the guide useful with my recommendations, be sure to post back here whether you were successful or not.

HTH,
TSU

It was installing the LAMP pattern that caused Apache2 and mod_php5 to not get installed. I always check that it’s Apache 2 and PHP5 that I’ve chosen when installing individual packages, but for some reason Apache 2 and modphp5 didn’t get installed when installing from the LAMP pattern. All of PHP5 that would expect to be installed from the pattern was installed except for the Apache module. I have no idea what I did do wrong, but I always deal with Apache 2.

Thanks for the link to the Ubuntu guide, though. I’ll go and have a peek at it now and see how it goes.

Well I looked at the article you linked to and it seemed to be giving instructions not too dissimilar from how I would do it years ago when I used to compile everything from source. So I decided to have another stab at a setting it up quite like how I used to and hope it worked. I’m glad to say that this time it worked. I just too lots of extra care this time and kept checking and rechecking that I’d done everything I needed to and hadn’t made a mistake. I have very poor eyesight and memory so when I’m dealing with far more config files at once than I was used to even before my memory and vision became a problem, it’s very easy for me to make a mistake and not notice it or forget that I need to change two files instead of one.

Anyway, It’s all sorted now ,but I couldn’t report the error in the documentation as a bug. The bugzilla site says it needs an email address confirmation which I cannot give because, for some reason, when I try to update the email email address associated with my account here to one I actually have access to, the page with the form to update the address insists I’m getting my password wrong. So I gave up trying to update my email address in case I got locked out of my account for using the wrong password too many times.

Thanks anyway!

The mkcert.sh method was deprecated years ago so the documentation needs to be updated.

As for your password change problem, sounds like a common issue for many authentication systems when trying to do too many things at once or not clearing your cookies after making changes to your account(this latter issue I’ve been meaning to issue a bug myself). Although I don’t believe the Attachmate authentication and Web Apps(eg Forums and Bugzilla) store/read actual credentials are stored in the web browser cookies, the use and implementation of tokens in the cookies is very faulty in a number of scenarios. The workaround is that after you make changes to your account or change your network connection or have a bookmarks issue, use a different web browser for the next day or two.

Anyway, glad to hear the Guide fixed your problem.

TSU