httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] https can;t be good for work
Date Fri, 21 Sep 2007 16:03:26 GMT
You still have a CA certificate configured as a Server SSL
certificate. That won't work. Get self signed SSL Server certificate.

On 9/21/07, edwardspl@ita.org.mo <edwardspl@ita.org.mo> wrote:
>
>  Hello to you,
>
>  re-post there again:
>  [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>  [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>  [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>  [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>
>  [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>  [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>  [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>  [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
>
>  Edward.
>
>  Serge Dubrouski wrote:
>
>  What is the error message when you try selfsigned cert?
>
> On 9/21/07, edwardspl@ita.org.mo <edwardspl@ita.org.mo> wrote:
>
>
>  Hello to you,
>
>  I have ever tried to the self cert, but it is still problem...
>  BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
>  Due to http need the 80 port, and https need the 443 port...
>
>  Thanks !
>
>  Edward.
>
>
>  Serge Dubrouski wrote:
>
>  This guide tells you how to create your own Certificate Authority. You
> can't use CA cert as a server SSL cert you have to use it for signing
> server cert. See OpenSSL documentation for this or try to use this:
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>
> On 9/21/07, edwardspl@ita.org.mo <edwardspl@ita.org.mo> wrote:
>
>
>  Hello,
>
>  Following this guide !
>  http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>
>  Edward.
>
>
>  Serge Dubrouski wrote:
>
>  Where did you get you SSL certificate? Look like it's not the right one.
>
> On 9/21/07, edwardspl@ita.org.mo <edwardspl@ita.org.mo> wrote:
>
>
>  Dear All,
>
> I can't to enable the https as the following :
>
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo>
> DocumentRoot ...
> ServerName webmail.ita.org.mo
> ErrorLog ...
> TransferLog ...
> SSLEngine on
> SSLCertificateFile server.crt
> SSLCertificateKeyFile server.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>  SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
>  SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
>  nokeepalive ssl-unclean-shutdown \
>  downgrade-1.0 force-response-1.0
> CustomLog /var/log/itawm-ssl_request_log \
>  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> error log of web server :
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
>
> ssl error log :
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
> So, what mistake about the config ?
>
> Remark : The ssl is self-signed SSL Certificate, and the Web Server come
> with FC6 System.
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


-- 
Serge Dubrouski.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message