httpd-users mailing list archives

From rey sebastien <reyma...@gmail.com>
Subject Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
Date Wed, 14 Dec 2011 13:35:46 GMT
On Wed, 14 Dec 2011 14:19:09 CET, Igor Galić wrote:
>
>
> ----- Original Message -----
>> On Wed, 14 Dec 2011 13:49:54 CET, Tom Evans wrote:
>>> On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien<reyman64@gmail.com>
>>>   wrote:
>>>> Hello users :)
>>>> I try to ask a "smart" question on my problem...
>>>>
>>>> I have some problems with nested subdomains and a wildcard OpenSSL
>>>> certificate.
>>>> Perhaps, I don't know, this is because the subdomain type is:
>>>> site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other
>>>> subdomain like
>>>> xxxx.parisgeo.cnrs.fr
>>>> …
>>>> I generate my certificate like this (CN = *.parisgeo.cnrs.fr) :
>>>>
>>>> openssl genrsa -des3 -out ca.key 2048
>>>> openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
>>>> openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key
>>>> -out
>>>> …
>>>> root@xxxx:/etc/ssl# openssl s_client -connect
>>>> partage.parisgeo.cnrs.fr:443
>>>> …
>>>>       Verify return code: 18 (self signed certificate)
>>>> ---
>>>> closed
>>>>
>>>> The Firefox error when I try to connect to the site is:
>>>>
>>>> An error occurred during a connection to partage.parisgeo.cnrs.fr.
>>>> Peer's certificate has an invalid signature.
>>>> (Error code: sec_error_bad_signature)
>>>>
>>>
>>> Firefox will not trust a self signed certificate unless you install
>>> the CA certificate into your browser's keychain. Other browsers
>>> will
>>> ask if you want to accept a self signed certificate.
>>>
>>> Cheers
>>>
>>> Tom
>>>
>>
>> Thanks for your great explanation.
>> I tried to connect with Chrome, and it's possible to access the
>> website,
>> so you're right ...
>>
>> Is there any solution to bypass this problem? With another type of
>> self-signed certificate which needs no CA? Or contains the CA, I don't
>> know?
>
> cacert.org will issue free certificates, and, IIRC, also wildcard
> certificates. They are available in *most* browsers.
>
>> Cheers,
>> SR.
>
> i
>

Thanks for the information, Igor.
I find the cacert.org site, but not the IIRC site; can you give me more
information?
I'm not the owner of parisgeo.cnrs.fr because the root domain is the
French institution cnrs.fr, so can I create this type of certificate?



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
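
An added example, not part of the thread and not any poster's own commands: a private CA signs a wildcard certificate, and `openssl verify` then checks it with and without that CA as a trust anchor, and against a one-label and a two-label host name. The domain `lab.example.test`, the subject names and the file names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. lab.example.test, the subject names and file names are constructed.

# Create a private CA and a wildcard leaf certificate signed by it in directory $1.
make_ca_and_leaf() {
  d="$1"
  # Self-signed CA certificate; its subject differs from the leaf's subject.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Lab/CN=Example Lab Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Leaf key and signing request for the wildcard name.
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Example Lab/CN=*.lab.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  # Put the wildcard in subjectAltName as well; clients match host names against it.
  printf 'subjectAltName=DNS:*.lab.example.test\n' > "$d/leaf.ext"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -set_serial 1001 -days 30 -sha256 -extfile "$d/leaf.ext" \
    -out "$d/leaf.crt" 2>/dev/null
}

# Print OK or FAIL for leaf.crt in $1, checked for host name $2,
# trusting the CA file $3 if given (otherwise only the system default store).
check_leaf() {
  d="$1"; host="$2"; ca="${3:-}"
  if openssl verify ${ca:+-CAfile "$ca"} -verify_hostname "$host" \
       "$d/leaf.crt" 2>/dev/null | grep -q ': OK$'; then
    echo OK
  else
    echo FAIL
  fi
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_ca_and_leaf "$tmp" || { rm -rf "$tmp"; return 1; }
  echo "CA trusted, one label:  $(check_leaf "$tmp" partage.lab.example.test "$tmp/ca.crt")"
  echo "CA not trusted:         $(check_leaf "$tmp" partage.lab.example.test)"
  echo "CA trusted, two labels: $(check_leaf "$tmp" a.b.lab.example.test "$tmp/ca.crt")"
  rm -rf "$tmp"
}
demo
```

The same `ca.crt` is the file a browser would need imported as a trusted authority before it accepts the leaf certificate.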

