SSL Self signed certificate CommonName error
My be someone can help me to figure out what's wrong with my configuration.
I'm tring to configure an https domain with a Self-Signed Certificate. After mainy different configs I still receive this error:
Strange I supress every where '`localhost' !
My comon name match my website address. I did a check with openssl x509 -subject -in /etc/ssl/certs/server.crt
To install and generate the certificate I did:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
(FYI: here the prompt says "cp: server.crt' and/etc/ssl/certs/server.crt' are the same file" I'mnot sure what that means?)
sudo cp server.key /etc/ssl/private
What I have at this stage as as configuration is:
I'm on Ubuntu 9.10 with Apache 2.
My hosts file is:
127.0.0.1 myHostName localhost
myLinodeIp myHostName.MyWebSIte.com myHostName
The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
I have as a hostname: myHostName
My ports.conf is:
NameVirtualHost myIpAddress:80
Listen 80
NameVirtualHost statement here
Listen myPort
My ssl Virtual hosts
NameVirtualHost myIp:myPort
DocumentRoot /srv/www/myDomain.com/public_html
AllowOverride None
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateChainFile /etc/ssl/certs/server.crt
SSLCACertificateFile /etc/ssl/certs/server.crt
BrowserMatch ".MSIE." \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Any thoughts.
Thanks alot.
Jean
2 Replies
> $ openssl req -new -key /tmp/test.key -out /tmp/test.csr
Enter pass phrase for /tmp/test.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
–---
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
www.example.com [/b]
The problem seems a bit odd. When I generated a new certificate, I was coping it to the same directory then the old one, which I allready had removed.
By some quirck of the system, it appears somethings stayed in the computer memory, throwing the message server.crt' and/etc/ssl/certs/server.crt' are the same file"
I also rearrange a little my virtualhost config.
NameVirtualHost xxx.xx.xxx.xx:port
DocumentRoot /srv/www/my.domaine.com/public_html
RedirectPermanent /
AllowOverride None
SSLOptions +StrictRequire
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/my.domain.com.pem
SSLCertificateKeyFile /etc/ssl/private/my.domain.com.key
BrowserMatch ".MSIE." \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Many thanks,
Jean