Made those three changes and now FireFox says Secure Connection Failed newcart.dev uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer) --- I added an exception to FireFox and now it works!!!!! Thanks to everyone who pushed me in the right direction!! ------------------------ Keith Smith --- On Mon, 8/31/09, Alex Dean wrote: > From: Alex Dean > Subject: Re: configure a test SSL > To: "Main PLUG discussion list" > Date: Monday, August 31, 2009, 7:06 PM > On Aug 31, 2009, at 8:50 PM, keith > smith wrote: > > > Here it is.  Thanks! > > > > Also log shows this about 10 times > > > > [Mon Aug 31 18:30:09 2009] [warn] RSA server > certificate CommonName (CN) `newcart.dev' does NOT match > server name!? > > > > > > > > > >   DocumentRoot "/work/dev/newcart.dev" > >   ServerName newcart.dev:443 > >   ErrorLog logs/ssl_error_log > >   TransferLog logs/ssl_access_log > >   ##LogLevel warn > > > >   LogLevel debug > > > >   ##SSLEngine on > >   ##SSLProtocol all -SSLv2 > >   ##SSLCipherSuite > ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW > >   ##SSLCertificateFile > /etc/pki/tls/certs/localhost.crt > >   ##SSLCertificateKeyFile > /etc/pki/tls/private/localhost.key > >   #SSLCertificateChainFile > /etc/pki/tls/certs/server-chain.crt > >   #SSLCACertificateFile > /etc/pki/tls/certs/ca-bundle.crt > > > >   ## "\.(cgi|shtml|phtml|php3?)$"> > >   ##    SSLOptions > +StdEnvVars > >   ## > >   ## "/var/www/cgi-bin"> > >   ##    SSLOptions > +StdEnvVars > >   ## > > > >   ##SetEnvIf User-Agent ".*MSIE.*" \ > >   ##      nokeepalive > ssl-unclean-shutdown \ > >   ##      downgrade-1.0 > force-response-1.0 > > > >   ##CustomLog logs/ssl_request_log \ > >   ##       "%t > %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > > > > > > > ok, with all that stuff commented out, the browser sends > you an ssl request, and you answer in plaintext.  Chaos > ensues.  (The server doesn't 'know' that its supposed > to speak ssl on port 443.  That's a common convention, > but not a technical requirement.) > > The only must-have directives are SSLEngine on, > SSLCertificateFile, and SSLCertificateKeyFile (that file > should only be readable by root, btw).  Everything else > seems fine at a glance, but you can leave the rest commented > out while you're debugging. > > alex > > -----Inline Attachment Follows----- > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail > settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss