I've see that. I hope to try it soon. I do have a laptop running Win7 for my M$ needs. On 2014-10-23 16:16, Stephen Partington wrote: > Well if you need IE testing MS has handily created a number of VM's > for that. > > https://www.modern.ie/en-us/virtualization-tools [7] hope it helps. > > On Thu, Oct 23, 2014 at 12:32 PM, Keith Smith > wrote: > >> Thank you Matt for your reply! >> >> >> >> On 2014-10-19 13:21, Matt Graham wrote: >> On 2014-10-16 20:54, techlists@phpcoderusa.com wrote: >> I have a local LAMP box I use for development running CentOS 6.5. >> openssl genrsa -out ca.key 2048 >> openssl req -new -key ca.key -out ca.csr >> openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt >> I Then verified the ssl.conf file and restarted httpd. >> >> This looks correct.  In an openssl context, though, CA usually >> means >> "Certificate Authority", which might cause confusion if you've got >> something else somewhere that uses an actual CA.  I usually name >> the >> certs "$SITENAME.crt" for maximum ease of understanding. >> >> I am using this cert for multiple local dev sites with no problem >> in >> FireFox (I add the exception).  When I use Internet explorer it >> says >> "Mismatched Address" even if I add it to the trusted sites list. >> >> DNS problems?  I was trying something similar with IE at work, and >> it >> wasn't finding the "127.0.0.1 server example.com [1]" entry in >> lmhosts.sam.  (Then again, "Run away screaming from IE" is my >> general >> policy...) > > I'd like to run away screaming.  I need IE for testing only. > >>> Do I need to create a cert for each website?  Or can I create a >>> wild >>> card cert that I can use on all of them? >> >> You should be able to make a wildcard cert and have it be accepted. >> Just make the CN be "*.whatever.org [2]" when you're generating the >> CSR, >> and then test on server1.whatever.org [3] , server2.whatever.org >> [4] , etc. > > Easy enough.  All sites are subdomains. > >>> I followed a website that said I needed to add a section as seen >>> below to openssl.cnf [and some other changes] >> [snip] >> >> I have never modified openssl.cnf for any of the self-signed certs >> I've generated, and they've all Just Worked.  What were the other >> changes you made? >> >>> The new cert works just like the old cert requiring I add the >>> exception in FF and IE does not like the cert at all. >> >> I can't make IE barf in that way with the self-signed cert on >> https://crow202.org/questions.html [5] , but crow202.org [6] has a >> valid DNS >> entry and the cert was generated with the default openssl.cnf . > > It is probably something in my config. > > Thank you for your help!! > Keith > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss [8] > > -- > A mouse trap, placed on top of your alarm clock, will prevent you from > rolling over and going back to sleep after you hit the snooze button. > > Stephen > > > > Links: > ------ > [1] http://example.com > [2] http://whatever.org > [3] http://server1.whatever.org > [4] http://server2.whatever.org > [5] https://crow202.org/questions.html > [6] http://crow202.org > [7] https://www.modern.ie/en-us/virtualization-tools > [8] http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss -- Keith Smith --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss