Usually it's something like this:

# Generate private key
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs/localhost.crt
cp ca.key /etc/pki/tls/private/localhost.key
cp ca.csr /etc/pki/tls/private/ca.csr



-- JD Austin
Voice: 480.269.4335 (480 2MY Geek)
jd@twingeckos.com


On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith <techlists@phpcoderusa.com> wrote:
It was easier to just start over - 20 min and the cert is not an issue any longer.


On 2015-07-03 18:39, Keith Smith wrote:
Hi,


I'm setting up a VirtualBox and am setting up a VM using CentOS 6.6.
Everything was running and I could see default welcome page in desktop
by using the IP for the URL.

Then I wanted to configure a virtual host as a dev / test site.

I tried creating the SSL Cert by using openssl.

# cd /etc/pki/tls/certs
# make mycert.pem

This confused me.  I noticed there was a file
/etc/pki/tls/localhost.crt that had been created today so I deleted
it.

Ten I using the command:

openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout
/etc/httpd/ssl/test-site-name.key -out
/etc/httpd/ssl/test-site-name.crt

Which created the certs.

I configured the virtual host and when I restarted Apache it just
fails w/o any message.

The logs:

tail error_log
[Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)


tail ssl_error_log
[Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server private key
[Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780
error:0B080074:x509 certificate routines:X509_check_private_key:key
values mismatch
[Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Jul 03 18:02:46 2015] [warn] RSA server certificate CommonName
(CN) `localhost.localdomain' does NOT match server name!?
[Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server private key
[Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780
error:0B080074:x509 certificate routines:X509_check_private_key:key
values mismatch
[Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Jul 03 18:03:17 2015] [warn] RSA server certificate CommonName
(CN) `localhost.localdomain' does NOT match server name!?
[Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server private key
[Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780
error:0B080074:x509 certificate routines:X509_check_private_key:key
values mismatch


Tried:

openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
openssl rsa -noout -modulus -in your_domain_com.key | openssl md5

and got matching numbers.

Any help is much appreciated.

--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss