self signed cert on CentOS 6.5

Keith Smith techlists at phpcoderusa.com
Fri Oct 24 06:59:25 MST 2014


I've seen that.  I hope to try it soon.  I do have a laptop running Win7 
for my M$ needs.

On 2014-10-23 16:16, Stephen Partington wrote:
> Well if you need IE testing MS has handily created a number of VMs
> for that.
> 
> https://www.modern.ie/en-us/virtualization-tools [7] hope it helps.
> 
> On Thu, Oct 23, 2014 at 12:32 PM, Keith Smith
> <techlists at phpcoderusa.com> wrote:
> 
>> Thank you Matt for your reply!
>> 
>> <embedded reply />
>> 
>> On 2014-10-19 13:21, Matt Graham wrote:
>> On 2014-10-16 20:54, techlists at phpcoderusa.com wrote:
>> I have a local LAMP box I use for development running CentOS 6.5.
>> openssl genrsa -out ca.key 2048
>> openssl req -new -key ca.key -out ca.csr
>> openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
>> I then verified the ssl.conf file and restarted httpd.
>> 
>> This looks correct.  In an openssl context, though, CA usually means
>> "Certificate Authority", which might cause confusion if you've got
>> something else somewhere that uses an actual CA.  I usually name the
>> certs "$SITENAME.crt" for maximum ease of understanding.
>> 
>> I am using this cert for multiple local dev sites with no problem in
>> Firefox (I add the exception).  When I use Internet Explorer it says
>> "Mismatched Address" even if I add it to the trusted sites list.
>> 
>> DNS problems?  I was trying something similar with IE at work, and it
>> wasn't finding the "127.0.0.1 server example.com [1]" entry in
>> lmhosts.sam.  (Then again, "Run away screaming from IE" is my general
>> policy...)
> 
>  I'd like to run away screaming.  I need IE for testing only.
> 
>>> Do I need to create a cert for each website?  Or can I create a
>>> wildcard cert that I can use on all of them?
>> 
>> You should be able to make a wildcard cert and have it be accepted.
>> Just make the CN be "*.whatever.org [2]" when you're generating the CSR,
>> and then test on server1.whatever.org [3], server2.whatever.org [4],
>> etc.
> 
>  Easy enough.  All sites are subdomains.
> 
>>> I followed a website that said I needed to add a section as seen
>>> below to openssl.cnf [and some other changes]
>> [snip]
>> 
>> I have never modified openssl.cnf for any of the self-signed certs
>> I've generated, and they've all Just Worked.  What were the other
>> changes you made?
>> 
>>> The new cert works just like the old cert requiring I add the
>>> exception in FF and IE does not like the cert at all.
>> 
>> I can't make IE barf in that way with the self-signed cert on
>> https://crow202.org/questions.html [5], but crow202.org [6] has a
>> valid DNS entry and the cert was generated with the default
>> openssl.cnf.
> 
>  It is probably something in my config.
> 
>  Thank you for your help!!
>  Keith
> 
>  ---------------------------------------------------
>  PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>  To subscribe, unsubscribe, or to change your mail settings:
>  http://lists.phxlinux.org/mailman/listinfo/plug-discuss [8]
> 
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen
> 
> 
> 
> Links:
> ------
> [1] http://example.com
> [2] http://whatever.org
> [3] http://server1.whatever.org
> [4] http://server2.whatever.org
> [5] https://crow202.org/questions.html
> [6] http://crow202.org
> [7] https://www.modern.ie/en-us/virtualization-tools
> [8] http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
Keith Smith
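
Added example, not part of the original thread: the wildcard self-signed cert discussed above, generated in one step and then checked against hostnames with openssl's own matcher, which shows the kind of name mismatch IE was reporting. The subjectAltName entry goes beyond the thread (current browsers match on SAN rather than CN); whatever.org is the thread's placeholder domain, the function names are hypothetical, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Wildcard self-signed cert for local dev subdomains (added example).
# DOMAIN is the placeholder from the thread; replace with your dev domain.
DOMAIN="whatever.org"

# make_wildcard_cert DIR
# Writes DIR/$DOMAIN.key and DIR/$DOMAIN.crt, named after the site
# rather than "ca.*" so the files are not mistaken for a real CA.
make_wildcard_cert() {
    (
        umask 077   # private key must not be group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$1/$DOMAIN.key" -out "$1/$DOMAIN.crt" \
            -subj "/CN=*.$DOMAIN" \
            -addext "subjectAltName=DNS:*.$DOMAIN" 2>/dev/null
    )
}

# cert_matches CRT HOSTNAME
# Returns 0 when openssl's hostname check accepts HOSTNAME for CRT.
# -checkhost prints "does match" or "does NOT match"; its exit status
# does not reflect the result, so the output is inspected instead.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Demo: a wildcard covers exactly one label to the left of the domain.
tmp=$(mktemp -d) || exit 1
make_wildcard_cert "$tmp" || { rm -rf "$tmp"; exit 1; }
for host in "server1.$DOMAIN" "server2.$DOMAIN" "$DOMAIN" "a.b.$DOMAIN"; do
    if cert_matches "$tmp/$DOMAIN.crt" "$host"; then
        echo "$host: match"
    else
        echo "$host: MISMATCH"
    fi
done
rm -rf "$tmp"
```

The bare domain and two-level subdomains are reported as mismatches, so a site served under either name needs its own SAN entry or its own cert.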

