httpd-users mailing list archives

From Igor Galić <i.ga...@brainsware.org>
Subject Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain
Date Wed, 14 Dec 2011 13:19:09 GMT


----- Original Message -----
> On Wed. 14 Dec. 2011 13:49:54 CET, Tom Evans wrote:
> > On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien<reyman64@gmail.com>
> >  wrote:
> >> Hello users :)
> >> I'll try to ask a "smart" question about my problem...
> >>
> >> I have a problem with nested subdomains and a wildcard OpenSSL
> >> certificate.
> >> Perhaps, I don't know, this is because the subdomain type is:
> >> site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or another
> >> subdomain like
> >> xxxx.parisgeo.cnrs.fr
> >> …
> >> I generate my certificate like this (CN = *.parisgeo.cnrs.fr):
> >>
> >> openssl genrsa -des3 -out ca.key 2048
> >> openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
> >> openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key
> >> -out
> >> …
> >> root@xxxx:/etc/ssl# openssl s_client -connect
> >> partage.parisgeo.cnrs.fr:443
> >> …
> >>      Verify return code: 18 (self signed certificate)
> >> ---
> >> closed
> >>
> >> The Firefox error when I try to connect to the site is:
> >>
> >> An error occurred during a connection to partage.parisgeo.cnrs.fr.
> >> Peer's certificate has an invalid signature.
> >> (Error code: sec_error_bad_signature)
> >>
> >
> > Firefox will not trust a self signed certificate unless you install
> > the CA certificate into your browser's keychain. Other browsers
> > will
> > ask if you want to accept a self signed certificate.
> >
> > Cheers
> >
> > Tom
> >
> 
> Thanks for your great explanation.
> I tried to connect with Chrome, and it's possible to access the
> website,
> so you're right...
> 
> Is there any solution to bypass this problem? With another type of
> self-signed certificate which needs no CA? Or contains the CA, I don't
> know?

cacert.org will issue free certificates, and, IIRC, also wildcard
certificates. They are available in *most* browsers.

> Cheers,
> SR.

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
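
The following is an added example, not part of the thread or of any poster's message: it builds a throwaway private CA and a wildcard certificate for `*.parisgeo.cnrs.fr`, then uses `openssl verify` to show which hostnames validate and that a client without the CA certificate rejects the leaf. The CA name, file names, key sizes and 30-day lifetimes are assumptions made for the example.

```shell
#!/bin/sh
# Added example (constructed names and lifetimes): private CA, wildcard leaf, name checks.
set -eu

# build_pki DIR: create a CA and a leaf for *.parisgeo.cnrs.fr in DIR.
# CA and leaf get distinct subject names, so the leaf is not self-issued.
build_pki() {
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.parisgeo.cnrs.fr
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/pki.cnf" \
        -extensions ca_ext -subj "/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
        -subj "/CN=*.parisgeo.cnrs.fr" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/pki.cnf" -extensions leaf_ext \
        -out "$1/leaf.crt" 2>/dev/null
}

# check_host DIR HOST: succeed only if the leaf chains to the CA and covers HOST.
check_host() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/leaf.crt" >/dev/null 2>&1
}

# check_untrusted DIR HOST: the same check for a client that lacks the CA certificate.
check_untrusted() {
    openssl verify -verify_hostname "$2" "$1/leaf.crt" >/dev/null 2>&1
}

# Demo run: a wildcard covers exactly one label to the left of the base domain.
d=$(mktemp -d)
build_pki "$d"
for h in partage.parisgeo.cnrs.fr a.b.parisgeo.cnrs.fr parisgeo.cnrs.fr; do
    if check_host "$d" "$h"; then echo "$h: ok"; else echo "$h: rejected"; fi
done
rm -rf "$d"
```

Only `ca.crt` is distributed to clients for import as a trusted authority; `ca.key` stays on the machine that signs certificates.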

