Hello to you, [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? Edward. Serge Dubrouski wrote: >What is the error message when you try selfsigned cert? > >On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > >> Hello to you, >> >> I have ever tried to the self cert, but it is still problem... >> BTW, for the VH ( Virtual Host ) config, how to convert http to https ? >> Due to http need the 80 port, and https need the 443 port... >> >> Thanks ! >> >> Edward. >> >> >> Serge Dubrouski wrote: >> >> This guide tells you how to create your own Certificate Authority. You >>can't use CA cert as a server SSL cert you have to use it for signing >>server cert. See OpenSSL documentation for this or try to use this: >> >>http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert >> >>On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> >> >> Hello, >> >> Following this guide ! >> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca >> >> Edward. >> >> >> Serge Dubrouski wrote: >> >> Where did you get you SSL certificate? Look like it's not the right one. >> >>On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> >> >> Dear All, >> >>I can't to enable the https as the following : >> >><VirtualHost webmail.ita.org.mo> >>Redirect / https://webmail.ita.org.mo:443 >></VirtualHost> >> >><VirtualHost webmail.ita.org.mo> >>DocumentRoot ... >>ServerName webmail.ita.org.mo >>ErrorLog ... >>TransferLog ... >>SSLEngine on >>SSLCertificateFile server.crt >>SSLCertificateKeyFile server.key >><Files ~ "\.(cgi|shtml|phtml|php3?)$"> >> SSLOptions +StdEnvVars >></Files> >><Directory "/var/www/cgi-bin"> >> SSLOptions +StdEnvVars >></Directory> >>SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >>CustomLog /var/log/itawm-ssl_request_log \ >> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >></VirtualHost> >> >> >>error log of web server : >>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN) >>`localhost' does NOT match server name!? >>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA >>certificate (BasicConstraints: CA == TRUE !?) >>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN) >>`localhost' does NOT match server name!? >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA >>certificate (BasicConstraints: CA == TRUE !?) >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) >>`localhost' does NOT match server name!? >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA >>certificate (BasicConstraints: CA == TRUE !?) >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) >>`localhost' does NOT match server name!? >> >>ssl error log : >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA >>certificate (BasicConstraints: CA == TRUE !?) >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) >>`localhost.localdomain' does NOT match server name!? >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA >>certificate (BasicConstraints: CA == TRUE !?) >>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) >>`localhost.localdomain' does NOT match server name!? >> >>So, what mistake about the config ? >> >>Remark : The ssl is self-signed SSL Certificate, and the Web Server come >>with FC6 System. >> >>Thanks ! >> >>Edward. >> >>--------------------------------------------------------------------- >>The official User-To-User support forum of the Apache HTTP Server Project. >>See <URL:http://httpd.apache.org/userslist.html> for more >>info. >>To unsubscribe, e-mail: [EMAIL PROTECTED] >> " from the digest: >>[EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > >
