mod_ssl continued
roger at audiblefaith.com
Tue Mar 23 00:15:38 UTC 2004
>>> Ok, I think I have the apache side of the SSL thing worked out. It
seems
>>> to be trying to serve the pages. When I go to:
>>> https://www.musicwithmeaning.com
>>>
>>> I get a "Page can not be displayed" error and my SSL error log shows:
>>> [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA
>>> == TRUE !?)
>>>
>>> Thoughts/comments/help?
>>>
>>>
>>>
>>> How did you create the certificate for https?
>>> Did you create a CA and use its cert. - the message looks like its
>>> saying the cert. is for a CA rather than a server?
>>>
>>> For my latest https setup I used the makefile in /usr/share/ssl/certs,
>>> then copied the pem file it created into
>>> /etc/httpd/conf/ssl.crt/server.crt and
>>> /etc/httpd/conf/ssl.key/server.key. Very simple.
>>
>>
>> Created a key as per RH customizationg guide:
>> in /usr/share/ssl/certs
>> make genkey
>>
>> Then created a self-signed certificate:
>> make testcert
>>
>Sorry, in that case I don't know what the problem is. That method ought
to
>work - I presume RedHat tested it thoroughly.
>Do you get that message every time you try to load a page, or only when
the
>httpd server starts?
Seems to be only when the server restarts. I did find a little more
information on the topic. My cert as generated by the make testcert has
the two lines:
X509v3 Basic Constraints:
CA:TRUE
Which should be false? Or is there something else I need to do to get this
to work properly. Is the make gentest broken, or something else? I just
want to get the SSL up and tested before I start migrating things over.
Thanks,
Roger
------------------------------------------
E-mail provided by AudibleFaith.com
Music and other resources
http://www.audiblefaith.com
Music With Meaning
More information about the Redhat-install-list
mailing list