httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Victor Porton <>
Subject [users@httpd] StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"
Date Mon, 06 Apr 2015 17:24:16 GMT
I've tried to set SSL for one site at my Debian Linux wheezy server
(which serves multiple domains).

I've prepared StartSSL keys and certificate and put them
into /etc/apache2/ssl/

But when I started the below configuration (with Debian command
`a2ensite withoutvowels.conf`), after I opened I've got

This Connection is Untrusted

You have asked Iceweasel to connect securely to, but
we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place. However,
this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could
mean that someone is trying to impersonate the site, and you shouldn't
continue. uses an invalid security certificate. The certificate
is not trusted because it is self-signed. The certificate is only valid
for d1stkfactory (Error code: sec_error_unknown_issuer)

After this error I've stopped to use the below configuration and
replaced it with my old (non-SSL) configuration.

The config /etc/apache2/sites-available/withoutvowels.conf for the site
is below:

<VirtualHost *:443>

        SuexecUserGroup withoutvowels withoutvowels

        ServerAdmin webmaster@localhost

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCertificateFile /etc/apache2/ssl/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/private.key

SSLCertificateChainFile /etc/apache2/ssl/

        DocumentRoot /var/www/withoutvowels/web
        <Directory /var/www/withoutvowels>
                Options Indexes SymlinksIfOwnerMatch
                AllowOverride All
                Order allow,deny
                allow from all

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

<VirtualHost *:80> 
    Redirect permanent /

<VirtualHost *:443> 
    Redirect permanent /

<VirtualHost *:80> 
    Redirect permanent /

Victor Porton -

View raw message