httpd-users mailing list archives

From: "Harrell, Roger"
Subject: RE: [users@httpd] Generating self-signed key doesn't work?
Date: Mon, 29 Mar 2004 19:33:07 GMT
> -----Original Message-----
> From: Harrell, Roger
> I've been trying to get a self-signed cert so I can test SSL, but I keep
> running into a problem with the cert. I have used the Red Hat default
> scripts for generating a self-signed cert, as well as manually generating
> the cert:
> openssl req -x509 -new -key server.key -out server.crt
> In all cases the cert includes CA:TRUE. When I start Apache I get:
> [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

> So you have made a CA (Certificate Authority) cert. Well done, you need
> this, but you can't use it in the server. The next steps are:
> - make a CSR (certificate signing request) for your site
> - sign it using the CA cert.
> This produces a site cert which you can use in the VH.
> There is a great selection of how-tos at:

Ok, so I took my existing key and did:
openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out

openssl x509 -req -days 30 -in /etc/httpd/conf/ssl.csr/server.csr -signkey /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.crt/server.crt

When I restart Apache it prompts for the key password and starts without
error. I no longer get the CA=true warning when httpd starts. However, when I
go to:

I still get a server not found error. I do know that the server is receiving
the requests because I monitored port 443 requests and see them coming in.

So I'm still missing something. Any thoughts?
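
The two steps listed in the quoted reply (make a CSR, then sign it with the CA cert), as an added shell example that is not part of the original thread: it builds a throwaway CA, issues a site certificate from a CSR, and checks the Basic Constraints of both. The host name www.example.test, the CA name, the file names and the helper function names are constructed for the demo; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: throwaway CA + CA-signed site certificate (all names constructed).
set -eu

make_site_cert() {   # $1 = output directory, $2 = host name for the site cert
    dir=$1; host=$2
    # Minimal request config so the result does not depend on the system openssl.cnf.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # 1. CA key and self-signed CA certificate (CA:TRUE belongs here).
    #    -nodes leaves the demo keys unencrypted so nothing prompts for a passphrase.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$dir/req.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Site key and CSR; -subj overrides the CN taken from the config.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. Extensions for the site cert: explicitly not a CA.
    printf 'basicConstraints = critical,CA:FALSE\nsubjectAltName = DNS:%s\n' "$host" \
        > "$dir/leaf.ext"
    # 4. Sign the CSR with the CA key (-CA/-CAkey) rather than with its own key.
    openssl x509 -req -days 30 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/leaf.ext" -out "$dir/server.crt" 2>/dev/null
}

# True when the certificate's Basic Constraints say CA:TRUE.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# True when certificate $2 verifies against CA certificate $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_site_cert "$tmp" www.example.test
for c in ca.crt server.crt; do
    if is_ca "$tmp/$c"; then echo "$c: CA:TRUE"; else echo "$c: CA:FALSE"; fi
done
if chains_to "$tmp/ca.crt" "$tmp/server.crt"; then echo "server.crt chains to ca.crt"; fi
```

A browser or client only trusts the resulting server.crt once the demo ca.crt has been imported as a trusted root.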

