If you are looking to build VMs that are consistent, you should really be using Vagrant to build your VMs.
Kevin
Thanks!!! I'll try this. I'm hoping for once cert for all sites.
On 2015-07-04 15:34, JD Austin wrote:
Usually it's something like this:
# Generate private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
# Generate Self Signed Key
openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt
# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs/localhost.crt
cp ca.key /etc/pki/tls/private/localhost.key
cp ca.csr /etc/pki/tls/private/ca.csr
-- JD Austin
Voice: 480.269.4335 (480 2MY Geek)
jd@twingeckos.com
On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith
<techlists@phpcoderusa.com> wrote:
It was easier to just start over - 20 min and the cert is not an
issue any longer.
On 2015-07-03 18:39, Keith Smith wrote:
Hi,
I'm setting up a VirtualBox and am setting up a VM using CentOS
6.6.
Everything was running and I could see default welcome page in
desktop
by using the IP for the URL.
Then I wanted to configure a virtual host as a dev / test site.
I tried creating the SSL Cert by using openssl.
# cd /etc/pki/tls/certs
# make mycert.pem
This confused me. I noticed there was a file
/etc/pki/tls/localhost.crt that had been created today so I
deleted
it.
Ten I using the command:
openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout
/etc/httpd/ssl/test-site-name.key -out
/etc/httpd/ssl/test-site-name.crt
Which created the certs.
I configured the virtual host and when I restarted Apache it just
fails w/o any message.
The logs:
tail error_log
[Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
[Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled
(wrapper:
/usr/sbin/suexec)
tail ssl_error_log
[Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server
private key
[Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780
error:0B080074:x509 certificate
routines:X509_check_private_key:key
values mismatch
[Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Jul 03 18:02:46 2015] [warn] RSA server certificate
CommonName
(CN) `localhost.localdomain' does NOT match server name!?
[Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server
private key
[Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780
error:0B080074:x509 certificate
routines:X509_check_private_key:key
values mismatch
[Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Jul 03 18:03:17 2015] [warn] RSA server certificate
CommonName
(CN) `localhost.localdomain' does NOT match server name!?
[Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server
private key
[Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780
error:0B080074:x509 certificate
routines:X509_check_private_key:key
values mismatch
Tried:
openssl x509 -noout -modulus -in your_domain_com.crt | openssl
md5
openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
and got matching numbers.
Any help is much appreciated.
--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
Links:
------
[1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss