Thanks Ken. Good information.
I setup my certificate for 10.x.x.x and when I try and access the site, i use https://10.x.x.x and I get the error about the certificate being setup for a different web site. I've read up on this and the example they usually use is make sure you use www.foobar.com and not just foobar.com. I am assuming if I setup my certificate for <address> then https://<address> should work. Is this assumption correct? As far as the 3rd party goes, I'll have to do some research. I am trying to use all open src tools and free stuff. Are they any CA's that are free and trusted by most web browser? Thanks. Bernhard Fröhlich wrote: > > ProgrammerMP schrieb: >> Configuration: >> -Apache 2.0.61 >> -OpenSSL 0.9.8g >> -Windows Platform >> >> Setup: >> I have installed Apache and OpenSSL on my PC. Everything works. >> I create a certificate and key using my ip address for Server Name: >> 10.X.X.X >> I changed my Apache Configuration to use to listen to port 443 and point >> to >> the key and certificate. >> >> when I go to https://10.x.x.x I get the following error messages: >> There is a problem with this website's security certificate. >> -The security certificate presented by this website was not issued by a >> trusted certificate authority. >> -The security certificate presented by this website was issued for a >> different website's address. >> >> If I click Continue to this website, I get to my website, but I'm using >> https and I have Red X instead of a Green Lock on the top of the web page >> because of my certifigate errors. >> >> I have looked up these errors online, but I am still not sure what I am >> doing wrong. >> >> Is my certificate not trusted by a trusted certifcate authority a problem >> because I am self signing my certificate? >> > > Yes, this is probably your problem. You (and everyone else who wants to > see the Green Lock with your website) have to tell your browser that it > should trust the certificate. > > Note that a self signed certificate is quite useless from a security > point of view if you have no way of verifying its fingerprint using a > different secure communication channel. Everyone can issue a self signed > certificate with the name of your website. > Maybe you should consider requesting a certificate from a (probably > commercial) CA which has its root certificate already trusted by usual > browsers... > >> Is my different website's address a problem because I am using an IP >> address >> (10.x.x.x) instead of a domain name like www.foobar.com? >> > This may be a second problem. If your certificate is issued for the IP > Address and you are using a DNS name to reach your site the browser will > not accept this. The other way round's the same. >> Any suggestions would be greatly appreciated. >> > Hope it helps. > Ted > ;) > > -- > PGP Public Key Information > Download complete Key from http://www.convey.de/ted/tedkey_convey.asc > Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 > > > > -- View this message in context: http://www.nabble.com/Problems-with-Website%27s-Security-Certificate-tf4878124.html#a13976920 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
