httpd-users mailing list archives

From: Victor Porton <por...@narod.ru>
Subject: [users@httpd] StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"
Date: Mon, 06 Apr 2015 17:24:16 GMT

I've tried to set SSL for one site at my Debian Linux wheezy server
(which serves multiple domains).

I've prepared StartSSL keys and certificate and put them
into /etc/apache2/ssl/

But when I started the below configuration (with Debian command
`a2ensite withoutvowels.conf`), after I opened
https://withoutvowels.org/wiki/Without_Vowels_project I've got

[[[[
This Connection is Untrusted

You have asked Iceweasel to connect securely to withoutvowels.org, but
we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place. However,
this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could
mean that someone is trying to impersonate the site, and you shouldn't
continue.

withoutvowels.org uses an invalid security certificate. The certificate
is not trusted because it is self-signed. The certificate is only valid
for d1stkfactory (Error code: sec_error_unknown_issuer)
]]]]

After this error I stopped using the below configuration and
replaced it with my old (non-SSL) configuration.

The config /etc/apache2/sites-available/withoutvowels.conf for the site
is below:

<VirtualHost *:443>
        ServerName withoutvowels.org

        SuexecUserGroup withoutvowels withoutvowels

        ServerAdmin webmaster@localhost

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
        SSLCertificateFile /etc/apache2/ssl/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/private.key

        SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem

        DocumentRoot /var/www/withoutvowels/web
        <Directory /var/www/withoutvowels>
                Options Indexes SymlinksIfOwnerMatch
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80> 
    ServerName www.withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost> 

<VirtualHost *:443> 
    ServerName www.withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost> 

<VirtualHost *:80> 
    ServerName withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost>

-- 
Victor Porton - http://portonvictor.org
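
The browser error names a certificate valid for d1stkfactory rather than the configured ServerName, so one check worth running is which vhosts sit on port 443 and which certificate file each one sets. The following is an added example, not part of the original message; the function names and the abbreviated SAMPLE_CONF are constructed for illustration.

```python
import re

# Constructed excerpt, abbreviated from the configuration in the message above.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName withoutvowels.org
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/ssl.crt
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName www.withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost>
<VirtualHost *:80>
    ServerName withoutvowels.org
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
WANTED = {"servername", "sslengine", "sslcertificatefile", "sslcertificatechainfile"}

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: its addresses plus the WANTED directives."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            current = {"addrs": opened.group(1).split()}
        elif CLOSE.match(line) and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if parts[0].lower() in WANTED:  # directive names are case-insensitive
                current[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return vhosts

def tls_vhosts_without_cert(text, port="443"):
    """ServerNames of vhosts bound to `port` that set no SSLCertificateFile."""
    return [v.get("servername", "(no ServerName)") for v in parse_vhosts(text)
            if any(a.rsplit(":", 1)[-1] == port for a in v["addrs"])
            and "sslcertificatefile" not in v]

if __name__ == "__main__":
    print(parse_vhosts(SAMPLE_CONF), tls_vhosts_without_cert(SAMPLE_CONF), sep="\n")
```

On the server itself, `apache2ctl -S` prints Apache's own parsed vhost map, which also covers site files other than this one.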
