Thanks!!! I'll try this. I'm hoping for once cert for all sites. On 2015-07-04 15:34, JD Austin wrote: > Usually it's something like this: > > # Generate private key > openssl genrsa -out ca.key 2048 > > # Generate CSR > openssl req -new -key ca.key -out ca.csr > > # Generate Self Signed Key > openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt > > # Copy the files to the correct locations > cp ca.crt /etc/pki/tls/certs/localhost.crt > cp ca.key /etc/pki/tls/private/localhost.key > cp ca.csr /etc/pki/tls/private/ca.csr > > -- JD Austin > Voice: 480.269.4335 (480 2MY Geek) > jd@twingeckos.com > > On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith > wrote: > >> It was easier to just start over - 20 min and the cert is not an >> issue any longer. >> >> On 2015-07-03 18:39, Keith Smith wrote: >> >>> Hi, >>> >>> I'm setting up a VirtualBox and am setting up a VM using CentOS >>> 6.6. >>> Everything was running and I could see default welcome page in >>> desktop >>> by using the IP for the URL. >>> >>> Then I wanted to configure a virtual host as a dev / test site. >>> >>> I tried creating the SSL Cert by using openssl. >>> >>> # cd /etc/pki/tls/certs >>> # make mycert.pem >>> >>> This confused me.  I noticed there was a file >>> /etc/pki/tls/localhost.crt that had been created today so I >>> deleted >>> it. >>> >>> Ten I using the command: >>> >>> openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout >>> /etc/httpd/ssl/test-site-name.key -out >>> /etc/httpd/ssl/test-site-name.crt >>> >>> Which created the certs. >>> >>> I configured the virtual host and when I restarted Apache it just >>> fails w/o any message. >>> >>> The logs: >>> >>> tail error_log >>> [Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> [Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled >>> (wrapper: >>> /usr/sbin/suexec) >>> >>> tail ssl_error_log >>> [Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server >>> private key >>> [Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780 >>> error:0B080074:x509 certificate >>> routines:X509_check_private_key:key >>> values mismatch >>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA >>> certificate (BasicConstraints: CA == TRUE !?) >>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate >>> CommonName >>> (CN) `localhost.localdomain' does NOT match server name!? >>> [Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server >>> private key >>> [Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780 >>> error:0B080074:x509 certificate >>> routines:X509_check_private_key:key >>> values mismatch >>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA >>> certificate (BasicConstraints: CA == TRUE !?) >>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate >>> CommonName >>> (CN) `localhost.localdomain' does NOT match server name!? >>> [Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server >>> private key >>> [Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780 >>> error:0B080074:x509 certificate >>> routines:X509_check_private_key:key >>> values mismatch >>> >>> Tried: >>> >>> openssl x509 -noout -modulus -in your_domain_com.crt | openssl >>> md5 >>> openssl rsa -noout -modulus -in your_domain_com.key | openssl md5 >>> >>> and got matching numbers. >>> >>> Any help is much appreciated. >> >> -- >> Keith Smith >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1] > > > > Links: > ------ > [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss -- Keith Smith --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss