Well if you need IE testing MS has handily created a number of VM's for that.

https://www.modern.ie/en-us/virtualization-tools hope it helps.

On Thu, Oct 23, 2014 at 12:32 PM, Keith Smith <techlists@phpcoderusa.com> wrote:

Thank you Matt for your reply!

<embedded reply />

On 2014-10-19 13:21, Matt Graham wrote:
On 2014-10-16 20:54, techlists@phpcoderusa.com wrote:
I have a local LAMP box I use for development running CentOS 6.5.
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
I Then verified the ssl.conf file and restarted httpd.

This looks correct.  In an openssl context, though, CA usually means
"Certificate Authority", which might cause confusion if you've got
something else somewhere that uses an actual CA.  I usually name the
certs "$SITENAME.crt" for maximum ease of understanding.

I am using this cert for multiple local dev sites with no problem in
FireFox (I add the exception).  When I use Internet explorer it says
"Mismatched Address" even if I add it to the trusted sites list.

DNS problems?  I was trying something similar with IE at work, and it
wasn't finding the "127.0.0.1 server example.com" entry in
lmhosts.sam.  (Then again, "Run away screaming from IE" is my general
policy...)



I'd like to run away screaming.  I need IE for testing only.


Do I need to create a cert for each website?  Or can I create a wild
card cert that I can use on all of them?

You should be able to make a wildcard cert and have it be accepted.
Just make the CN be "*.whatever.org" when you're generating the CSR,
and then test on server1.whatever.org , server2.whatever.org , etc.


Easy enough.  All sites are subdomains.

I followed a website that said I needed to add a section as seen
below to openssl.cnf [and some other changes]
[snip]

I have never modified openssl.cnf for any of the self-signed certs
I've generated, and they've all Just Worked.  What were the other
changes you made?

The new cert works just like the old cert requiring I add the
exception in FF and IE does not like the cert at all.

I can't make IE barf in that way with the self-signed cert on
https://crow202.org/questions.html , but crow202.org has a valid DNS
entry and the cert was generated with the default openssl.cnf .

It is probably something in my config.

Thank you for your help!!
Keith

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen