[EMAIL PROTECTED] ssl.crt]# openssl x509 -noout -text -in server.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=New Mexico, L=Los Alamos, O=Innovative Web Applications, CN=rt.iwapps.com/[EMAIL PROTECTED]
Validity
Not Before: Dec 5 21:19:38 2003 GMT
Not After : Dec 4 21:19:38 2004 GMT
Subject: C=US, ST=New Mexico, L=Los Alamos, O=Innovative Web Applications, CN=rt.iwapps.com/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c7:14:70:36:b8:04:f4:c6:09:2e:7f:f1:82:7f:
e0:df:f6:d8:21:ac:15:a9:e5:53:f4:57:63:c0:74:
8b:42:00:d4:c6:f3:6a:0b:72:64:ac:6e:b1:08:82:
3f:5e:98:fd:31:2b:14:4f:d1:b4:e2:7f:01:6d:d8:
ae:61:30:ff:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:0B:79:98:0B:2E:68:3F:10:7D:5E:1B:32:B2:2C:AD:4E:00:0C:A3
X509v3 Authority Key Identifier:
keyid:FF:0B:79:98:0B:2E:68:3F:10:7D:5E:1B:32:B2:2C:AD:4E:00:0C:A3
DirName:/C=US/ST=New Mexico/L=Los Alamos/O=Innovative Web Applications/CN=rt.iwapps.com/[EMAIL PROTECTED]
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
55:f1:92:b9:d7:d9:ba:e4:2d:4e:2e:b5:22:4d:d4:84:77:f2:
57:de:66:48:0e:28:19:23:c2:bd:b7:aa:9e:9e:68:ce:47:10:
65:76:a8:84:4b:2c:cf:dc:aa:e2:74:ec:02:23:37:a6:ec:d2:
af:b6:f4:23:25:04:f6:38:25:ceHope this helps
At 02:24 PM 12/9/03, Vadim Fedukovich wrote:
On Tue, Dec 09, 2003 at 12:28:47PM -0600, Jose Hernandez wrote: > Here, the problem is in the Certificate, the Linux hostname is not the same > that you gave in the certificate ... > > I mean in the Common Name field It must be the Linux hostname ...
website name as fetched from server cert CN should be the same as specified in VirtualHost section of Apache server. This name is not required to be the same as linux box hostname; they only should both resolve to the same IP address.
Please note I mean the VirtualHost listening to port 443 with "SSLEngine on"
>
> -----Original Message-----
> From: Leon [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 09, 2003 12:20 p.m.
> To: [EMAIL PROTECTED]
> Subject: Apache see cert as CA
>
>
> I'm trying to get a SSL site up on Apache. My system is:
> Redhat 8
> Apache 2.0.40
> OpenSSL .0.9.6b
>
> When I start Apache, It seems to think everything is OK. But when I try to
> browse to a page, I just get the default Apache home page. If I look at
> the SSL error log I get:
> [Mon Dec 08 15:35:24 2003] [warn] RSA server certificate CommonName (CN)
> `rt.domainname.com' does NOT match server name!?
> [Mon Dec 08 15:36:14 2003] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> I have worked thru the HOWTO's on Redhat creating a private key and
> creating the certs
> http://www.europe.redhat.com/documentation/HOWTO/SSL-RedHat-HOWTO-3.php3
>
> My ssl.conf entry is:
> NameVirtualHost rt.domainname.com:443
> <VirtualHost 192.168.0.99:443>
> ServerName rt.domainname.com
> DocumentRoot /opt/rt3/share/html
> ErrorLog logs/rt/error_log
> CustomLog logs/rt/access_log combined
> #AddDefaultCharset UTF-8
> PerlModule Apache2 Apache::compat
> PerlModule Apache::DBI
> PerlRequire /opt/rt3/bin/webmux.pl
>
> <Directory /opt/rt3/share/html>
> Order allow,deny
> Allow from all
> Options All
> AllowOverride All
> AddDefaultCharset UTF-8
> <Files *.html>
> SetHandler perl-script
> PerlHandler RT::Mason
> </Files>
> </Directory>
>
> <Directory /opt/rt3/share/html/Ticket/Attachment>
> SetHandler perl-script
> PerlHandler RT::Mason
> </Directory>
> <Directory /opt/rt3/share/html/SelfService/Attachment>
> SetHandler perl-script
> PerlHandler RT::Mason
> </Directory>
> <Directory /opt/rt3/share/html/REST>
> SetHandler perl-script
> PerlHandler RT::Mason
> </Directory>
>
> </VirtualHost>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
-- Naina library: http://www.unity.net/~vf/naina_r1.tgz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
