Re: OpenSSL and apache2 wildcard self-signed certificate for nested subdomain


 



On Wed. 14 Dec. 2011 13:49:54 CET, Tom Evans wrote:
On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien <reyman64@xxxxxxxxx> wrote:
Hello users :)
I try to ask a "smart" question on my problem...

I have some problems with nested subdomains and a wildcard OpenSSL certificate.
Perhaps, I don't know, this is because the subdomain type is:
site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like
xxxx.parisgeo.cnrs.fr
…
I generate my certificate like this (CN = *.parisgeo.cnrs.fr) :

openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out
…
root@xxxx:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443
…
     Verify return code: 18 (self signed certificate)
---
closed

The Firefox error when I try to connect to the site is:

An error occurred during a connection to partage.parisgeo.cnrs.fr.
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)


Firefox will not trust a self signed certificate unless you install
the CA certificate into your browser's keychain. Other browsers will
ask if you want to accept a self signed certificate.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See<URL:http://httpd.apache.org/userslist.html>  for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


Thanks for your great explanation,
I tried to connect with Chrome, and it's possible to access the website, so you're right ...

Is there any solution to bypass this problem? With another type of self-signed certificate which needs no CA? Or contains the CA, I don't know?

Cheers,
SR.
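
Tom's point about installing the CA certificate, shown with `openssl verify` as an added example that is not part of the original thread: the same wildcard certificate is rejected when its CA is not a trust anchor and accepted when it is, and the wildcard covers only one label level. The file names, the "Demo Root CA" subject and the deeper name site1.partage.parisgeo.cnrs.fr are assumptions constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: file names and the "Demo Root CA" subject are assumptions;
# the wildcard CN and the partage/site1 hostnames are the ones quoted in the thread.

# Build a throwaway CA and a wildcard leaf certificate signed by it in directory $1.
make_pki() {
    (
        cd "$1" &&
        # Self-signed root. -nodes leaves the key unencrypted so the demo is non-interactive.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/O=Demo/CN=Demo Root CA" -keyout ca.key -out ca.crt 2>/dev/null &&
        # Leaf key and CSR, with a subject distinct from the CA's.
        openssl req -newkey rsa:2048 -nodes -subj "/O=Demo/CN=*.parisgeo.cnrs.fr" \
            -keyout leaf.key -out leaf.csr 2>/dev/null &&
        # The CA signs the CSR.
        openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 30 -out leaf.crt 2>/dev/null
    )
}

# Exit status 0 only if leaf.crt chains to a trusted root AND matches hostname $2.
# $3 = with-ca: ca.crt is the trust anchor; anything else: ca.crt is not trusted.
verify_leaf() {
    if [ "$3" = "with-ca" ]; then
        openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/leaf.crt" >/dev/null 2>&1
    else
        openssl verify -no-CAfile -no-CApath -verify_hostname "$2" "$1/leaf.crt" >/dev/null 2>&1
    fi
}

# Print one verdict per (hostname, trust mode) pair.
demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    for c in "partage.parisgeo.cnrs.fr no-ca" \
             "partage.parisgeo.cnrs.fr with-ca" \
             "site1.partage.parisgeo.cnrs.fr with-ca"; do
        set -- $c
        if verify_leaf "$d" "$1" "$2"; then r=accepted; else r=rejected; fi
        printf '%-32s %-8s %s\n' "$1" "$2" "$r"
    done
    rm -rf "$d"
}
demo
```

Only the middle case is accepted: the CA is trusted and the name sits exactly one label below parisgeo.cnrs.fr.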




