mod_ssl continued

>>> Ok, I think I have the apache side of the SSL thing worked out. It
seems
>>> to be trying to serve the pages. When I go to:
>>> https://www.musicwithmeaning.com
>>>
>>> I get a "Page can not be displayed" error and my SSL error log shows:
>>>  [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA
>>> == TRUE !?)
>>>
>>> Thoughts/comments/help?
>>>
>>>
>>>
>>> How did you create the certificate for https?
>>> Did you create a CA and use its cert. - the message looks like its 
>>> saying the cert. is for a CA rather than a server?
>>>
>>> For my latest https setup I used the makefile in /usr/share/ssl/certs,

>>> then copied the pem file it created into 
>>> /etc/httpd/conf/ssl.crt/server.crt and 
>>> /etc/httpd/conf/ssl.key/server.key. Very simple. 
>> 
>> 
>> Created a key as per RH customizationg guide:
>> in /usr/share/ssl/certs
>> make genkey
>> 
>> Then created a self-signed certificate:
>> make testcert
>> 
>Sorry, in that case I don't know what the problem is. That method ought
to 
>work - I presume RedHat tested it thoroughly.
>Do you get that message every time you try to load a page, or only when
the 
>httpd server starts?

Seems to be only when the server restarts. I did find a little more
information on the topic. My cert as generated by the make testcert has
the two lines:
            X509v3 Basic Constraints: 
            CA:TRUE

Which should be false? Or is there something else I need to do to get this
to work properly. Is the make gentest broken, or something else? I just
want to get the SSL up and tested before I start migrating things over.

Thanks,
Roger 


------------------------------------------
E-mail provided by AudibleFaith.com
Music and other resources
http://www.audiblefaith.com
Music With Meaning™