Re: https can;t be good for work

edwardspl@xxxxxxxxxx · Fri, 21 Sep 2007 23:56:41 +0800

What is the error message when you try selfsigned cert?

On 9/21/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:

 Hello to you,

 I have ever tried to the self cert, but it is still problem...
 BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
 Due to http need the 80 port, and https need the 443 port...

 Thanks !

 Edward.

 Serge Dubrouski wrote:

 This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert

On 9/21/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:

 Hello,

 Following this guide !
 http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca

 Edward.

 Serge Dubrouski wrote:

 Where did you get you SSL certificate? Look like it's not the right one.

On 9/21/07, edwardspl@xxxxxxxxxx <edwardspl@xxxxxxxxxx> wrote:

 Dear All,

I can't to enable the https as the following :

<VirtualHost webmail.ita.org.mo>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>

<VirtualHost webmail.ita.org.mo>
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
 SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
 SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?

ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?

So, what mistake about the config ?

Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.

Thanks !

Edward.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more
info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 " from the digest:
users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx