configure a test SSL

keith smith klsmith2020 at yahoo.com
Mon Aug 31 19:23:11 MST 2009


Made those three changes and now Firefox says

Secure Connection Failed

newcart.dev uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_untrusted_issuer)

---

I added an exception to Firefox and now it works!!!!!

Thanks to everyone who pushed me in the right direction!!

------------------------
Keith Smith


--- On Mon, 8/31/09, Alex Dean <alex at crackpot.org> wrote:

> From: Alex Dean <alex at crackpot.org>
> Subject: Re: configure a test SSL
> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
> Date: Monday, August 31, 2009, 7:06 PM
> On Aug 31, 2009, at 8:50 PM, keith smith wrote:
> 
> > Here it is.  Thanks!
> > 
> > Also log shows this about 10 times
> > 
> > [Mon Aug 31 18:30:09 2009] [warn] RSA server certificate CommonName (CN) `newcart.dev' does NOT match server name!?
> > 
> > 
> > 
> > <VirtualHost 192.168.20.20:443>
> >   DocumentRoot "/work/dev/newcart.dev"
> >   ServerName newcart.dev:443
> >   ErrorLog logs/ssl_error_log
> >   TransferLog logs/ssl_access_log
> >   ##LogLevel warn
> > 
> >   LogLevel debug
> > 
> >   ##SSLEngine on
> >   ##SSLProtocol all -SSLv2
> >   ##SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> >   ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> >   ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
> >   #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
> >   #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
> > 
> >   ##<Files ~ "\.(cgi|shtml|phtml|php3?)$">
> >   ##    SSLOptions +StdEnvVars
> >   ##</Files>
> >   ##<Directory "/var/www/cgi-bin">
> >   ##    SSLOptions +StdEnvVars
> >   ##</Directory>
> > 
> >   ##SetEnvIf User-Agent ".*MSIE.*" \
> >   ##      nokeepalive ssl-unclean-shutdown \
> >   ##      downgrade-1.0 force-response-1.0
> > 
> >   ##CustomLog logs/ssl_request_log \
> >   ##       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > 
> > </VirtualHost>
> > 
> 
> ok, with all that stuff commented out, the browser sends you an ssl
> request, and you answer in plaintext.  Chaos ensues.  (The server
> doesn't 'know' that it's supposed to speak ssl on port 443.  That's a
> common convention, but not a technical requirement.)
> 
> The only must-have directives are SSLEngine on, SSLCertificateFile,
> and SSLCertificateKeyFile (that file should only be readable by root,
> btw).  Everything else seems fine at a glance, but you can leave the
> rest commented out while you're debugging.
> 
> alex
> 

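Added example, not part of the thread and not Apache's own tooling: a shell check for the failure described in the reply above, a port-443 vhost whose SSLEngine, SSLCertificateFile and SSLCertificateKeyFile lines are still commented out, plus a permission check on the key file. The function names and sample files are constructed for illustration; the key check looks at mode bits only, not ownership.

```shell
#!/bin/sh
# Added example; helper names and sample files are constructed, not from the thread.

# active_value DIRECTIVE FILE: print the argument of the first uncommented
# DIRECTIVE line ("##SSLEngine on" is a comment and does not count).
active_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# missing_ssl_directives FILE: print the must-have directives that are not
# active in FILE; prints an empty line when all three are set.
missing_ssl_directives() {
    out=""
    [ "$(active_value SSLEngine "$1" | tr 'A-Z' 'a-z')" = "on" ] || out="SSLEngine"
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        [ -n "$(active_value "$d" "$1")" ] || out="$out $d"
    done
    echo $out
}

# key_is_private FILE: succeed only if group and other have no permission
# bits (mode 0600 or 0400). Ownership by root is not checked here.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the vhost from the thread, reduced to the relevant lines.
cat > "$tmp/broken.conf" <<'EOF'
<VirtualHost 192.168.20.20:443>
  ServerName newcart.dev:443
  ##SSLEngine on
  ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
EOF
# Same file with the three directives uncommented.
sed 's/^\( *\)##SSL/\1SSL/' "$tmp/broken.conf" > "$tmp/fixed.conf"

echo "broken.conf missing: $(missing_ssl_directives "$tmp/broken.conf")"
echo "fixed.conf missing:  $(missing_ssl_directives "$tmp/fixed.conf")"

# Stand-in key file to show the permission check.
: > "$tmp/demo.key"; chmod 644 "$tmp/demo.key"
key_is_private "$tmp/demo.key" || echo "demo.key: readable by group/other"
chmod 600 "$tmp/demo.key"
key_is_private "$tmp/demo.key" && echo "demo.key: private"
```
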

      

