If you are looking to build VMs that are consistent, you should really be using Vagrant to build your VMs.

Kevin

On Jul 4, 2015 4:41 PM, "Keith Smith" <techlists@phpcoderusa.com> wrote:

Thanks!!!  I'll try this.  I'm hoping for one cert for all sites.



On 2015-07-04 15:34, JD Austin wrote:
Usually it's something like this:

# Generate private key
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate
openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs/localhost.crt
cp ca.key /etc/pki/tls/private/localhost.key
cp ca.csr /etc/pki/tls/private/ca.csr

-- JD Austin
Voice: 480.269.4335 (480 2MY Geek)
jd@twingeckos.com

On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith
<techlists@phpcoderusa.com> wrote:

It was easier to just start over - 20 min and the cert is not an
issue any longer.

On 2015-07-03 18:39, Keith Smith wrote:

Hi,

I'm setting up a VirtualBox and am setting up a VM using CentOS 6.6.
Everything was running and I could see the default welcome page in
desktop by using the IP for the URL.

Then I wanted to configure a virtual host as a dev / test site.

I tried creating the SSL Cert by using openssl.

# cd /etc/pki/tls/certs
# make mycert.pem

This confused me.  I noticed there was a file
/etc/pki/tls/localhost.crt that had been created today so I deleted it.

Then I used the command:

openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout /etc/httpd/ssl/test-site-name.key -out /etc/httpd/ssl/test-site-name.crt

Which created the certs.

I configured the virtual host and when I restarted Apache it just
fails w/o any message.

The logs:

tail error_log
[Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

tail ssl_error_log
[Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server private key
[Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jul 03 18:02:46 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server private key
[Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jul 03 18:03:17 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server private key
[Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Tried:

openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
openssl rsa -noout -modulus -in your_domain_com.key | openssl md5

and got matching numbers.

Any help is much appreciated.

--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
Keith Smith
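The ssl_error_log quoted above names CN `localhost.localdomain`, so the certificate Apache loaded is whichever one its configuration points at, which need not be the pair checked by hand. As an added example (not from anyone in the thread), this script reads the `SSLCertificateFile` / `SSLCertificateKeyFile` directives from a config file and compares the public keys of each pair; the function names are hypothetical, and the SHA-256 public-key comparison is used here in place of the modulus/md5 check quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: sh check_pairs.sh <apache-config-file>

# SHA-256 of the PEM public key embedded in a certificate.
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the PEM public key derived from a private key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print "cert key" per <VirtualHost> block (and for directives outside one).
# No key directive means the key lives in the certificate file.
# Assumption: paths are unquoted and contain no spaces.
list_pairs() {
    awk 'function emit() { if (c != "") print c, (k == "" ? c : k); c = k = "" }
         tolower($1) == "sslcertificatefile"    { c = $2 }
         tolower($1) == "sslcertificatekeyfile" { k = $2 }
         tolower($1) ~ /^<\/?virtualhost/       { emit() }
         END                                    { emit() }' "$1"
}

# Report every pair; return 0 only if all pairs match.
check_config() {
    rc=0
    pairs=$(list_pairs "$1") || return 2
    while read -r cert key; do
        [ -n "$cert" ] || continue
        subj=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) || subj=""
        if ch=$(cert_pubkey_hash "$cert") && kh=$(key_pubkey_hash "$key"); then
            if [ "$ch" = "$kh" ]; then state=OK; else state=MISMATCH; rc=1; fi
        else
            state=UNREADABLE; rc=1
        fi
        echo "$state cert=$cert key=$key $subj"
    done <<EOF
$pairs
EOF
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_config "$1"; fi
```

Run it against the file that holds the SSL directives before restarting Apache; the subject printed on each line shows which certificate a virtual host actually loads.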