Re: https can;t be good for work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



James Kosin wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
edwardspl@xxxxxxxxxx wrote:
  
Dear All,

I can't to enable the https as the following :

<VirtualHost webmail.ita.org.mo>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>

<VirtualHost webmail.ita.org.mo>
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
   SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
   SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost' does NOT match server name!?

ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
(CN) `localhost.localdomain' does NOT match server name!?

So, what mistake about the config ?

Remark : The ssl is self-signed SSL Certificate, and the Web Server
come with FC6 System.

Thanks !

Edward.

    
Edward,

You didn't do anything wrong.  You will have to create a certificate
for webmail.ita.org.mo for this to work without the warnings.  The
default cert does not handle external connections...
I believe the cets will be in the /etc/httpd/conf  directory.

  
Hello Jame,

After the config and restart the web server...
I found that we can't to connect to http://webmail.ita.org.mo ( include redirect problem : https ) !
So, would you mind to give me more help ?

Thanks !

Edward.

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux