On Tue, Dec 09, 2003 at 03:53:54PM -0700, Leon wrote: > Apparently the problem is obscure enough that It's been suggested that thes > erver certificate be posted. Since I will be recreating tit afterwards > anyway, that isn't a problem. > > [EMAIL PROTECTED] ssl.crt]# openssl x509 -noout -text -in server.crt > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 0 (0x0) > Signature Algorithm: md5WithRSAEncryption > Issuer: C=US, ST=New Mexico, L=Los Alamos, O=Innovative Web > Applications, CN=rt.iwapps.com/[EMAIL PROTECTED] > Validity > Not Before: Dec 5 21:19:38 2003 GMT > Not After : Dec 4 21:19:38 2004 GMT > Subject: C=US, ST=New Mexico, L=Los Alamos, O=Innovative Web > Applications, CN=rt.iwapps.com/[EMAIL PROTECTED]
So it's self-signed. That shouldn't matter. What matters is what your apache directives are set to. I recommend... SSLCertificateFile /path/to/server.crt SSLCertificateKeyFile /path/to/server.key # These others should probably be commented out #SSLCertificateChainFile (unset) #SSLCACertificatePath (unset) #SSLCACertificateFile (unset) -- Some days it's just not worth chewing through the restraints... Mark Foster <[EMAIL PROTECTED]> http://mark.foster.cc/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
