another SSL question.
httpwebwitch




 
Msg#: 4292799 posted 1:07 am on Apr 6, 2011 (gmt 0)

I've generated my own self-signed certificate, and it's OK. I have a real one that I paid for, and I'll swap it in later.

When I view my site with HTTPS, I get the warnings, fine fine fine

but the certificate being used is the wrong one! It does not show my organization name, my country, province, nor does it even have the right Common Name (*.example.com), instead it's showing the name of the server it's on (vps.mywebserver.com)

In the <VirtualHost> section, I've added this where I define the example.com site:

SSLEngine on
SSLCertificateFile /var/www/html/example.com/ssl/example.com.crt
SSLCertificateKeyFile /var/www/html/example.com/ssl/example.com.key

And I expected Apache to use those.

But instead, it's using certificates defined in /etc/httpd/conf.d/ssl.conf,

namely:

<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
...

that localhost.key stuff was apparently created when I installed mod_ssl.

Obviously, I'd like Apache to use my custom <VirtualHost> with the keys I just made. Not these default ones.

Should I alter this ssl.conf file?

If so, in what way? Should I nuke the whole <VirtualHost _default_> section?

 

httpwebwitch




 
Msg#: 4292799 posted 1:13 am on Apr 6, 2011 (gmt 0)

OMG I'm kind of embarrassed, I figured it out just moments after posting here.

I'd defined the site with my IP address and port 80.

<VirtualHost 66.66.66.66:80> ...

I just had to put in a new section, all the same settings, but listening to port 443.

<VirtualHost 66.66.66.66:443> ...


I still get the "self-signed" warning, but at least it's for the right domain.

I hope this post helps someone else, some day

cheers

dstiles




 
Msg#: 4292799 posted 10:48 pm on Apr 6, 2011 (gmt 0)

That may not be all of it. Sites with SSL certs must have unique IPs. If they don't then any other SSL cert on the virtual host ON THAT IP will be likely to show erroneously.
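
An added example (not code from the thread or from Apache): a small Python check for the misconfiguration described in httpwebwitch's follow-up, where the SSL directives sit in a port-80 vhost and requests on 443 fall through to the stock `_default_:443` block. The config text is constructed from the snippets in the posts, the function names are hypothetical, and the vhost matching is a simplified model (exact IP before wildcard, no name-based or SNI selection).

```python
import re
# Constructed config mirroring the thread: the SSL directives sit in a :80
# vhost, and the stock ssl.conf block is the only vhost on port 443.
SAMPLE_CONF = """
<VirtualHost 66.66.66.66:80>
SSLEngine on
SSLCertificateFile /var/www/html/example.com/ssl/example.com.crt
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def split_addr(addr):
    """'ip:port' -> (ip, port); an address without a port matches any port."""
    host, sep, port = addr.rpartition(":")
    return (addr, "*") if not sep or addr.endswith("]") else (host, port)

def parse_vhosts(conf):
    """One dict per <VirtualHost> block: addresses, SSLEngine state, cert path."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        d = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                d[parts[0].lower()] = parts[1].strip()
        vhosts.append({"addrs": [split_addr(a) for a in addrs.split()],
                       "ssl": d.get("sslengine", "off").lower() == "on",
                       "cert": d.get("sslcertificatefile")})
    return vhosts

def misplaced_ssl(vhosts, tls_port="443"):
    """Vhosts that turn SSLEngine on but are not bound to the TLS port."""
    return [v for v in vhosts
            if v["ssl"] and not any(p in (tls_port, "*") for _, p in v["addrs"])]

def cert_served(vhosts, ip, port="443"):
    """Cert of the vhost answering ip:port: exact IP first, then wildcards."""
    for hosts in ((ip,), ("_default_", "*")):
        for v in vhosts:
            if any(h in hosts and p in (port, "*") for h, p in v["addrs"]):
                return v["cert"]
    return None

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    print(misplaced_ssl(vhosts), cert_served(vhosts, "66.66.66.66"))
```

Run against the sample, it flags the `66.66.66.66:80` block and reports the localhost certificate for port 443; changing that block to `:443` makes the example.com certificate the one served.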
