Msg#: 4292799 posted 1:07 am on Apr 6, 2011 (gmt 0)
I've generated my own self-signed certificate, and it's OK. I have a real one that I paid for, and I'll swap it in later.
When I view my site with HTTPS, I get the warnings, fine fine fine
but the certificate being used is the wrong one! It does not show my organization name, my country, province, nor does it even have the right Common Name (*.example.com), instead it's showing the name of the server it's on (vps.mywebserver.com)
In the <VirtualHost> section, I've added this where I define the example.com site:
SSLEngine on SSLCertificateFile /var/www/html/example.com/ssl/example.com.crt SSLCertificateKeyFile /var/www/html/example.com/ssl/example.com.key
And I expected Apache to use those.
But instead, it's using certificates defined in /etc/httpd/conf.d/ssl.conf,
<VirtualHost _default_:443> ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ...
that localhost.key stuff was apparently created when I installed mod_ssl.
Obviously, I'd like Apache to use my custom <VirtualHost> with the keys I just made. Not these default ones.
Should I alter this ssl.conf file?
If so, in what way? Should I nuke the whole <VirtualHost _default_> section?