alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
|
Posted: Sat Jul 07, 2007 1:21 pm Post subject: [SOLVED] apache ssl cert trouble |
|
|
hello everybody!
in the past i have done that successfully, but now i can't any more.
i followed the guide on the apache website for my version 2.2.
when i use
Code: | $ openssl req -new -x509 -nodes -out server.crt -keyout server.key |
i CAN connect with all browsers, but i get the following in the log:
Code: | [Sat Jul 07 15:08:21 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) |
but okay, that's not the right way anyways...
when i create a CA, a csr and sign the csr i still can connect with the browsers lynx, links, elinks, but no more with firefox. i get an error message about a bad signature (in german, so i do not know the exact text in english), but no warnings or errors in the logs. very strange.
i used the following to create the cert in the second case:
Code: | ### create the key of the CA
$ openssl genrsa -des3 -out ca.key 1024
### create the cert of the CA
$ openssl req -new -x509 -days 3650 -nodes -sha1 -key ca.key -out ca.crt
### create the (encrypted) key of the server
$ openssl genrsa -des3 -out xx.vu.key.encrypted 1024
### decrypt the server key (for apache startup without prompt)
$ openssl rsa -in xx.vu.key.encrypted -out xx.vu.key
### create the signing request
$ openssl req -new -key xx.vu.key -out xx.vu.csr
### sign the request
$ openssl x509 -req -in xx.vu.csr -out xx.vu.crt -sha1 -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 |
does anybody have a clue why i cannot connect with firefox?
Last edited by alex.blackbit on Sun Jul 08, 2007 12:09 pm; edited 1 time in total |
alex.blackbit Advocate
Joined: 26 Jul 2005 Posts: 2397
|
Posted: Sun Jul 08, 2007 12:08 pm Post subject: |
|
|
problem solved.
when creating the CA cert, the "common name" of the CA must NOT be the same as the "common name" of the server certificate.
i didn't know that before, found the solution just by playing around. |
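
A pre-deployment check for the collision described in the post above, as an added example that is not part of the original thread: when the CA and the server certificate carry the same distinguished name, the server certificate's issuer equals its own subject, so by name it cannot be told apart from a self-signed certificate. The function names, the CNs and the file layout are constructed for illustration, the DN consists of the CN only, and a 2048-bit key with SHA-256 replaces the 1024-bit/SHA-1 settings of the 2007 commands.

```shell
#!/bin/sh
# Added example, not from the thread. All names (CNs, file names) are constructed.

# make_chain DIR CA_CN SERVER_CN: throwaway CA plus a server cert signed by it.
make_chain() {
    d=$1
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 1 \
        -subj "/CN=$2" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$3" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -sha256 -days 1 -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/srv.crt" 2>/dev/null
}

# looks_self_signed CERT: true when the subject DN equals the issuer DN.
looks_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# preflight LEAF CA: reject a leaf whose DN collides with its issuer's,
# then require the chain to verify against the CA certificate.
preflight() {
    if looks_self_signed "$1"; then
        echo "FAIL: subject == issuer in $1 (CA and server share a DN)"
        return 1
    fi
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || {
        echo "FAIL: $1 does not verify against $2"; return 1; }
    echo "OK: $1"
}

# Demo: one chain with distinct CNs, one repeating the collision from the thread.
tmp=$(mktemp -d)
mkdir "$tmp/good" "$tmp/bad"
make_chain "$tmp/good" "Constructed Test CA" "www.example.test"
make_chain "$tmp/bad" "www.example.test" "www.example.test"
preflight "$tmp/good/srv.crt" "$tmp/good/ca.crt"
preflight "$tmp/bad/srv.crt" "$tmp/bad/ca.crt" || true
rm -rf "$tmp"
```

The name check runs before `openssl verify` because how a verifier treats a leaf whose issuer equals its subject differs between TLS libraries and versions, while the name comparison gives the same answer everywhere.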