Usually it's something like this: # Generate private key openssl genrsa -out ca.key 2048 # Generate CSR openssl req -new -key ca.key -out ca.csr # Generate Self Signed Key openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt # Copy the files to the correct locations cp ca.crt /etc/pki/tls/certs/localhost.crt cp ca.key /etc/pki/tls/private/localhost.key cp ca.csr /etc/pki/tls/private/ca.csr -- JD Austin Voice: 480.269.4335 (480 2MY Geek) jd@twingeckos.com On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith wrote: > It was easier to just start over - 20 min and the cert is not an issue any > longer. > > > On 2015-07-03 18:39, Keith Smith wrote: > >> Hi, >> >> >> I'm setting up a VirtualBox and am setting up a VM using CentOS 6.6. >> Everything was running and I could see default welcome page in desktop >> by using the IP for the URL. >> >> Then I wanted to configure a virtual host as a dev / test site. >> >> I tried creating the SSL Cert by using openssl. >> >> # cd /etc/pki/tls/certs >> # make mycert.pem >> >> This confused me. I noticed there was a file >> /etc/pki/tls/localhost.crt that had been created today so I deleted >> it. >> >> Ten I using the command: >> >> openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout >> /etc/httpd/ssl/test-site-name.key -out >> /etc/httpd/ssl/test-site-name.crt >> >> Which created the certs. >> >> I configured the virtual host and when I restarted Apache it just >> fails w/o any message. >> >> The logs: >> >> tail error_log >> [Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> [Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled (wrapper: >> /usr/sbin/suexec) >> >> >> tail ssl_error_log >> [Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server private >> key >> [Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780 >> error:0B080074:x509 certificate routines:X509_check_private_key:key >> values mismatch >> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA >> certificate (BasicConstraints: CA == TRUE !?) >> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate CommonName >> (CN) `localhost.localdomain' does NOT match server name!? >> [Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server private >> key >> [Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780 >> error:0B080074:x509 certificate routines:X509_check_private_key:key >> values mismatch >> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA >> certificate (BasicConstraints: CA == TRUE !?) >> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate CommonName >> (CN) `localhost.localdomain' does NOT match server name!? >> [Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server private >> key >> [Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780 >> error:0B080074:x509 certificate routines:X509_check_private_key:key >> values mismatch >> >> >> Tried: >> >> openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5 >> openssl rsa -noout -modulus -in your_domain_com.key | openssl md5 >> >> and got matching numbers. >> >> Any help is much appreciated. >> > > -- > Keith Smith > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss >