Re: Problems with Website's Security Certificate

Tue, 27 Nov 2007 02:42:46 -0800 

ProgrammerMP schrieb:

Configuration:
-Apache 2.0.61
-OpenSSL 0.9.8g
-Windows Platform

Setup:
I have installed Apache and OpenSSL on my PC. Everything works. I create a certificate and key using my ip address for Server Name: 10.X.X.X 
I changed my Apache Configuration to use to listen to port 443 and point to
the key and certificate.

when I go to https://10.x.x.x I get the following error messages:
There is a problem with this website's security certificate.
-The security certificate presented by this website was not issued by a
trusted certificate authority.
-The security certificate presented by this website was issued for a
different website's address.

If I click Continue to this website, I get to my website, but I'm using
https and I have Red X instead of a Green Lock on the top of the web page
because of my certifigate errors.

I have looked up these errors online, but I am still not sure what I am
doing wrong. 
Is my certificate not trusted by a trusted certifcate authority a problem
because I am self signing my certificate?
Yes, this is probably your problem. You (and everyone else who wants to see the Green Lock with your website) have to tell your browser that it should trust the certificate.
Note that a self signed certificate is quite useless from a security point of view if you have no way of verifying its fingerprint using a different secure communication channel. Everyone can issue a self signed certificate with the name of your website. Maybe you should consider requesting a certificate from a (probably commercial) CA which has its root certificate already trusted by usual browsers... 


Is my different website's address a problem because I am using an IP address
(10.x.x.x) instead of a domain name like www.foobar.com?
This may be a second problem. If your certificate is issued for the IP Address and you are using a DNS name to reach your site the browser will not accept this. The other way round's the same. 
Any suggestions would be greatly appreciated.

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to