Re: configure a test SSL

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMAlex Dean at <-
.MEric Shubert at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: keith smith
Date:  
To: Main PLUG discussion list
Subject: Re: configure a test SSL
Made those three changes and now FireFox says

Secure Connection Failed

newcart.dev uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_untrusted_issuer)

---

I added an exception to FireFox and now it works!!!!!

Thanks to everyone who pushed me in the right direction!!

------------------------
Keith Smith


--- On Mon, 8/31/09, Alex Dean <> wrote:

> From: Alex Dean <>
> Subject: Re: configure a test SSL
> To: "Main PLUG discussion list" <>
> Date: Monday, August 31, 2009, 7:06 PM
> On Aug 31, 2009, at 8:50 PM, keith
> smith wrote:
>
> > Here it is.  Thanks!
> >
> > Also log shows this about 10 times
> >
> > [Mon Aug 31 18:30:09 2009] [warn] RSA server
> certificate CommonName (CN) `newcart.dev' does NOT match
> server name!?
> >
> >
> >
> > <VirtualHost 192.168.20.20:443>
> >   DocumentRoot "/work/dev/newcart.dev"
> >   ServerName newcart.dev:443
> >   ErrorLog logs/ssl_error_log
> >   TransferLog logs/ssl_access_log
> >   ##LogLevel warn
> >
> >   LogLevel debug
> >
> >   ##SSLEngine on
> >   ##SSLProtocol all -SSLv2
> >   ##SSLCipherSuite
> ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> >   ##SSLCertificateFile
> /etc/pki/tls/certs/localhost.crt
> >   ##SSLCertificateKeyFile
> /etc/pki/tls/private/localhost.key
> >   #SSLCertificateChainFile
> /etc/pki/tls/certs/server-chain.crt
> >   #SSLCACertificateFile
> /etc/pki/tls/certs/ca-bundle.crt
> >
> >   ##<Files ~
> "\.(cgi|shtml|phtml|php3?)$">
> >   ##    SSLOptions
> +StdEnvVars
> >   ##</Files>
> >   ##<Directory
> "/var/www/cgi-bin">
> >   ##    SSLOptions
> +StdEnvVars
> >   ##</Directory>
> >
> >   ##SetEnvIf User-Agent ".*MSIE.*" \
> >   ##      nokeepalive
> ssl-unclean-shutdown \
> >   ##      downgrade-1.0
> force-response-1.0
> >
> >   ##CustomLog logs/ssl_request_log \
> >   ##       "%t
> %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > </VirtualHost>
> >
>
> ok, with all that stuff commented out, the browser sends
> you an ssl request, and you answer in plaintext.  Chaos
> ensues.  (The server doesn't 'know' that its supposed
> to speak ssl on port 443.  That's a common convention,
> but not a technical requirement.)
>
> The only must-have directives are SSLEngine on,
> SSLCertificateFile, and SSLCertificateKeyFile (that file
> should only be readable by root, btw).  Everything else
> seems fine at a glance, but you can leave the rest commented
> out while you're debugging.
>
> alex
>
> -----Inline Attachment Follows-----
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail
> settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: configure a test SSLRe: configure a test SSL->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)