I've generated my own self-signed certificate, and it's OK. I have a real one that I paid for, and I'll swap it in later.
When I view my site with HTTPS, I get the warnings, fine fine fine
but the certificate being used is the wrong one! It does not show my organization name, my country, province, nor does it even have the right Common Name (*.example.com), instead it's showing the name of the server it's on (vps.mywebserver.com)
In the <VirtualHost> section, I've added this where I define the example.com site:
And I expected Apache to use those.
But instead, it's using certificates defined in /etc/httpd/conf.d/ssl.conf,
SSLProtocol all -SSLv2
that localhost.key stuff was apparently created when I installed mod_ssl.
Obviously, I'd like Apache to use my custom <VirtualHost> with the keys I just made. Not these default ones.
Should I alter this ssl.conf file?
If so, in what way? Should I nuke the whole <VirtualHost _default_> section?