StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"
From: Victor Porton <porton@xxxxxxxx>
Date: Mon, 06 Apr 2015 20:24:16 +0300
Authentication-results: smtp16.mail.yandex.net; dkim=pass header.i=@narod.ru
Reply-to: users@xxxxxxxxxxxxxxxx

I've tried to set SSL for one site at my Debian Linux wheezy server (which serves multiple domains).

I've prepared StartSSL keys and certificate and put them into /etc/apache2/ssl/

But when I started the below configuration (with Debian command `a2ensite withoutvowels.conf`), after I opened https://withoutvowels.org/wiki/Without_Vowels_project I've got

[[[[
This Connection is Untrusted

You have asked Iceweasel to connect securely to withoutvowels.org, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

withoutvowels.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for d1stkfactory (Error code: sec_error_unknown_issuer)
]]]]

After this error I've stopped to use the below configuration and replaced it with my old (non-SSL) configuration.

The config /etc/apache2/sites-available/withoutvowels.conf for the site is below:

<VirtualHost *:443>
        ServerName withoutvowels.org

        SuexecUserGroup withoutvowels withoutvowels

        ServerAdmin webmaster@localhost

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
        SSLCertificateFile /etc/apache2/ssl/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/private.key
        SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem

        DocumentRoot /var/www/withoutvowels/web
        <Directory /var/www/withoutvowels>
                Options Indexes SymlinksIfOwnerMatch
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName www.withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost>

<VirtualHost *:80>
    ServerName withoutvowels.org
    Redirect permanent / https://withoutvowels.org/
</VirtualHost>

-- 
Victor Porton - http://portonvictor.org

Follow-Ups:
- Re: StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"
  - From: Sebastian Pipping

Prev by Date: Re: Apache 2.4 SSI
Next by Date: Re: StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"
Previous by thread: Apache 2.4 SSI
Next by thread: Re: StartSSL (not self-signed) cert but says "The certificate is not trusted because it is self-signed"
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]