This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:
>
> Hello,
>
> Following this guide !
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>
> Edward.
>
>
> Serge Dubrouski wrote:
>
> Where did you get you SSL certificate? Look like it's not the right one.
>
> On 9/21/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:
>
>
> Dear All,
>
> I can't to enable the https as the following :
>
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo>
> DocumentRoot ...
> ServerName webmail.ita.org.mo
> ErrorLog ...
> TransferLog ...
> SSLEngine on
> SSLCertificateFile server.crt
> SSLCertificateKeyFile server.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /var/log/itawm-ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> error log of web server :
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
>
> ssl error log :
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
> So, what mistake about the config ?
>
> Remark : The ssl is self-signed SSL Certificate, and the Web Server come
> with FC6 System.
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest:
> users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
>
>
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|