configure a test SSL

Eric Shubert ejs at shubes.net
Mon Aug 31 19:22:55 MST 2009


keith smith wrote:
> Here it is.  Thanks!
> 
> Also log shows this about 10 times
> 
> [Mon Aug 31 18:30:09 2009] [warn] RSA server certificate CommonName (CN) `newcart.dev' does NOT match server name!?

What CommonName (CN) did you use when you generated the certificate request?

What does the
# host --fqdn
command show you on your server?

The CN name you use on the certificate request should match the result 
of "host --fqdn" on your server. Change whichever so that they match.

> 
> <VirtualHost 192.168.20.20:443>
>    DocumentRoot "/work/dev/newcart.dev"
>    ServerName newcart.dev:443
>    ErrorLog logs/ssl_error_log
>    TransferLog logs/ssl_access_log
>    ##LogLevel warn
> 
>    LogLevel debug
> 
>    ##SSLEngine on
>    ##SSLProtocol all -SSLv2
>    ##SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>    ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
>    ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
>    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
>    #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
> 
>    ##<Files ~ "\.(cgi|shtml|phtml|php3?)$">
>    ##    SSLOptions +StdEnvVars
>    ##</Files>
>    ##<Directory "/var/www/cgi-bin">
>    ##    SSLOptions +StdEnvVars
>    ##</Directory>
> 
>    ##SetEnvIf User-Agent ".*MSIE.*" \
>    ##      nokeepalive ssl-unclean-shutdown \
>    ##      downgrade-1.0 force-response-1.0
> 
>    ##CustomLog logs/ssl_request_log \
>    ##       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> </VirtualHost>
> 
> 
> ------------------------
> Keith Smith
> 
> 
> --- On Mon, 8/31/09, Alex Dean <alex at crackpot.org> wrote:
> 
>> From: Alex Dean <alex at crackpot.org>
>> Subject: Re: configure a test SSL
>> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
>> Date: Monday, August 31, 2009, 6:07 PM
>>
>> On Aug 31, 2009, at 7:08 PM, keith smith wrote:
>>
>>> openssl s_client -showcerts
>>>
>>> returns
>>>
>>> connect: Connection refused
>>> connect:errno=29
>>>
>> no idea on that one.
>>
>>> and when I try to access the site with https I get
>>>
>>>
>>> Secure Connection Failed
>>>
>>> An error occurred during a connection to newcart.dev.
>>>
>>> SSL received a record with an unknown content type.
>>>
>>> (Error code: ssl_error_rx_unknown_record_type)
>>>
>>> The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
>>>     * Please contact the web site owners to inform them of this problem.
>>> ---
>>> Any ideas much appreciated.
>> It's normal to see the 'authenticity could not be verified'
>> error with a self-signed cert.  If you want to get rid
>> of that error, you have to get your certificate signed by a
>> recognized signing authority like Verisign or GoDaddy.
>>
>> The 'unknown content type' error may be another
>> issue.  Post your VirtualHost config for your SSL vhost
>> so we can troubleshoot.  Or, you can change LogLevel to
>> 'debug' in your Apache config and watch the error log while
>> you access the server with a browser.
>>
>> alex
>>


-- 
-Eric 'shubes'
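
The check discussed in this thread, as an added example that is not part of any poster's message: it reads a VirtualHost block, skips commented-out directives, and reports a port-443 vhost that has no active `SSLEngine on` or whose ServerName differs from the certificate CN. The function names and sample subject lines are assumptions constructed for illustration; the CN is read from the text that `openssl x509 -noout -subject` prints, and only an exact CN match is tested (no wildcard or subjectAltName handling).

```python
import re

# Constructed input: the VirtualHost from the thread with the "> " quoting removed,
# trimmed to the directives this check reads.
VHOST = '''\
<VirtualHost 192.168.20.20:443>
   DocumentRoot "/work/dev/newcart.dev"
   ServerName newcart.dev:443
   ##SSLEngine on
   ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
'''

def cert_cn(subject_line):
    """CN from `openssl x509 -noout -subject` output (old '/CN=x' or new 'CN = x' form)."""
    m = re.search(r'(?:^|[/,=\s])CN\s*=\s*([^/,\n]+)', subject_line)
    return m.group(1).strip().lower() if m else None

def active_directives(block):
    """Map directive name (lower-case) to its argument, skipping commented-out lines."""
    out = {}
    for line in block.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith(('#', '<')):
            continue
        out[parts[0].lower()] = parts[1] if len(parts) > 1 else ''
    return out

def audit(conf, subject_line):
    """Return a list of findings for every port-443 VirtualHost in conf."""
    findings, cn = [], cert_cn(subject_line)
    blocks = re.findall(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', conf, re.S | re.I)
    for addr, body in blocks:
        if not addr.strip().endswith(':443'):
            continue
        d = active_directives(body)
        name = d.get('servername', '').split(':')[0].lower()  # drop the ":443" suffix
        if d.get('sslengine', 'off').lower() != 'on':
            findings.append(f'{name}: no active "SSLEngine on"; port 443 is served without TLS')
        if cn != name:
            findings.append(f'{name}: certificate CN {cn!r} does not match ServerName')
    return findings

if __name__ == '__main__':
    # Constructed subject lines: one matching CN, one mismatching CN.
    for subj in ('subject= /C=US/ST=Arizona/CN=newcart.dev',
                 'subject=C = US, O = Test, CN = localhost.localdomain'):
        print(subj, '->', audit(VHOST, subj))
```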


