Re: apache with 2 SSL Certs Problem

On Sat, Nov 14, 2009 at 8:37 AM, Krist van Besien
<krist.vanbesien@xxxxxxxxx> wrote:
> On Fri, Nov 13, 2009 at 7:58 PM, Randy Paries <rtparies@xxxxxxxxx> wrote:
>> On Fri, Nov 13, 2009 at 12:26 PM, Krist van Besien
>> <krist.vanbesien@xxxxxxxxx> wrote:
>>> On Fri, Nov 13, 2009 at 6:14 PM, Randy Paries <rtparies@xxxxxxxxx> wrote:
>>>> also i have this in my httpd
>>>> NameVirtualHost 216.186.190.101:80
>>>> NameVirtualHost 216.186.190.106:80
>>>> NameVirtualHost 216.186.190.101:443
>>>
>>> You probably don't need these.
>>>
>>> I assume you have your one SSL host on 216.186.190.101 and another on
>>> 216.186.190.106 ?
>>>
>>> Krist
>>>
>>
>> so i tried to re-issue my cert so the file names are a little different.
>>
>> so here is where i am now
>>
>> two domains:
>> 1) unitfaces.com is supposed to have the real cert
>> 2) yumasnowbirds.com is supposed to have the self signed cert
>>
>> <VirtualHost 216.186.190.101:443>
>>    ServerAdmin webmaster@xxxxxxxxxxxx
>>    DocumentRoot /home/unitfaces/
>>
>>    ServerName www.unitfaces.com
>>    ServerAlias unitfaces.com
>>
>>    ErrorLog logs/unitfacesSSL.com-error_log
>>    CustomLog logs/unitfacesSSL.com-access_log combined
>>
>>    SSLEngine on
>>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt
>>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.calgary.key
>>
>> </VirtualHost>
>>
>> <VirtualHost 216.186.190.106:443>
>>    ServerAdmin webmaster@xxxxxxxxxxxx
>>    DocumentRoot /home/yumasnowbirds/
>>
>>    ServerName www.yumasnowbirds.com
>>    ServerAlias yumasnowbirds.com
>>
>>    ErrorLog logs/yumasnowbirdsSSL.com-error_log
>>    CustomLog logs/yumasnowbirdsSSL.com-access_log combined
>>
>>    SSLEngine on
>>    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.yumasnowbirds.com.crt
>>    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.calgary.key
>>
>> </VirtualHost>
>
> That looks all OK to me.
>
>>
>> here is some more info
>> if i do
>> #openssl s_client -connect www.unitfaces.com:443 -showcerts
>> i see (btw , i have no idea where it is getting this info??)
>> CONNECTED(00000003)
>> depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@xxxxxxxxxxxxxxxxxxxxx
>> verify error:num=18:self signed certificate
>> verify return:1
>> depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@xxxxxxxxxxxxxxxxxxxxx
>> verify return:1
>
> This is all info from the certificate. It appears that unitfaces.com
> has a self signed certificate. You can verify this with:
> openssl x509 -in /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt -text
> (do this on your server...)
>
> I think that some of your assumptions about what's in
> www.unitfaces.com.crt might be wrong...
>
> Krist
>

Krist

So is there a way/log to see what cert is being used by apache?
If I do openssl x509 -in /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt -text

[root@calgary ~]# openssl x509 -in /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@xxxxxxxxxx
        Validity
            Not Before: Nov 13 00:00:00 2009 GMT
            Not After : Aug  6 23:59:59 2010 GMT
        Subject: C=US, ST=Alabama, L=Huntsville, O=UnitNet Inc., OU=UnitFaces, CN=www.unitfaces.com


This does not make any sense. It is like it is pulling this cert
magically out of the air

so confused..

Randy

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
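
One way to answer the question in the message above, as an added example that is not part of the original thread: compare the SHA-256 fingerprint of the certificate a listener actually serves with the file named in its SSLCertificateFile. The function names (`cert_id`, `served_pem`, `same_cert`, `check_vhost`) are hypothetical; the address, path and host name in the usage comment are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage, with the address, file and name from the first VirtualHost above:
#   check_vhost 216.186.190.101:443 \
#       /etc/httpd/conf/ssl.crt/www.unitfaces.com.crt www.unitfaces.com

# Print "<sha256 fingerprint> <subject>" for the PEM certificate on stdin.
cert_id() {
    pem=$(cat)
    fp=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256) || return 1
    subj=$(printf '%s\n' "$pem" | openssl x509 -noout -subject) || return 1
    printf '%s %s\n' "${fp#*=}" "$subj"
}

# Print the leaf certificate served at $1 (address:port) as PEM.
# $2 is an optional name to send as SNI.
served_pem() {
    if [ -n "$2" ]; then
        openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1" </dev/null 2>/dev/null
    fi | openssl x509 2>/dev/null   # keeps only the first certificate
}

# True when two cert_id lines carry the same, non-empty fingerprint.
same_cert() {
    [ -n "$1" ] && [ "${1%% *}" = "${2%% *}" ]
}

# check_vhost ADDRESS:PORT CERTFILE [SNI-NAME]
# Returns 0 on match, 1 on mismatch, 2 when either side cannot be read.
check_vhost() {
    on_disk=$(cert_id < "$2") || { echo "cannot read $2"; return 2; }
    served=$(served_pem "$1" "$3" | cert_id) || { echo "no certificate from $1"; return 2; }
    if same_cert "$on_disk" "$served"; then
        echo "MATCH    $1 serves $2"
    else
        echo "MISMATCH $1 does not serve $2"
        echo "  on disk: $on_disk"
        echo "  served:  $served"
        return 1
    fi
}
```

Passing the VirtualHost address rather than the host name checks that listener directly, independent of DNS; `httpd -S` lists which VirtualHost blocks Apache has loaded for each address.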


