Self signed cert
Keith Smith
techlists at phpcoderusa.com
Sat Jul 4 15:41:33 MST 2015
Thanks!!! I'll try this. I'm hoping for once cert for all sites.
On 2015-07-04 15:34, JD Austin wrote:
> Usually it's something like this:
>
> # Generate private key
> openssl genrsa -out ca.key 2048
>
> # Generate CSR
> openssl req -new -key ca.key -out ca.csr
>
> # Generate Self Signed Key
> openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt
>
> # Copy the files to the correct locations
> cp ca.crt /etc/pki/tls/certs/localhost.crt
> cp ca.key /etc/pki/tls/private/localhost.key
> cp ca.csr /etc/pki/tls/private/ca.csr
>
> -- JD Austin
> Voice: 480.269.4335 (480 2MY Geek)
> jd at twingeckos.com
>
> On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith
> <techlists at phpcoderusa.com> wrote:
>
>> It was easier to just start over - 20 min and the cert is not an
>> issue any longer.
>>
>> On 2015-07-03 18:39, Keith Smith wrote:
>>
>>> Hi,
>>>
>>> I'm setting up a VirtualBox and am setting up a VM using CentOS
>>> 6.6.
>>> Everything was running and I could see default welcome page in
>>> desktop
>>> by using the IP for the URL.
>>>
>>> Then I wanted to configure a virtual host as a dev / test site.
>>>
>>> I tried creating the SSL Cert by using openssl.
>>>
>>> # cd /etc/pki/tls/certs
>>> # make mycert.pem
>>>
>>> This confused me. I noticed there was a file
>>> /etc/pki/tls/localhost.crt that had been created today so I
>>> deleted
>>> it.
>>>
>>> Ten I using the command:
>>>
>>> openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout
>>> /etc/httpd/ssl/test-site-name.key -out
>>> /etc/httpd/ssl/test-site-name.crt
>>>
>>> Which created the certs.
>>>
>>> I configured the virtual host and when I restarted Apache it just
>>> fails w/o any message.
>>>
>>> The logs:
>>>
>>> tail error_log
>>> [Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>> [Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled
>>> (wrapper:
>>> /usr/sbin/suexec)
>>>
>>> tail ssl_error_log
>>> [Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server
>>> private key
>>> [Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780
>>> error:0B080074:x509 certificate
>>> routines:X509_check_private_key:key
>>> values mismatch
>>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA
>>> certificate (BasicConstraints: CA == TRUE !?)
>>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate
>>> CommonName
>>> (CN) `localhost.localdomain' does NOT match server name!?
>>> [Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server
>>> private key
>>> [Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780
>>> error:0B080074:x509 certificate
>>> routines:X509_check_private_key:key
>>> values mismatch
>>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA
>>> certificate (BasicConstraints: CA == TRUE !?)
>>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate
>>> CommonName
>>> (CN) `localhost.localdomain' does NOT match server name!?
>>> [Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server
>>> private key
>>> [Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780
>>> error:0B080074:x509 certificate
>>> routines:X509_check_private_key:key
>>> values mismatch
>>>
>>> Tried:
>>>
>>> openssl x509 -noout -modulus -in your_domain_com.crt | openssl
>>> md5
>>> openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
>>>
>>> and got matching numbers.
>>>
>>> Any help is much appreciated.
>>
>> --
>> Keith Smith
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [1]
>
>
>
> Links:
> ------
> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
Keith Smith
More information about the PLUG-discuss
mailing list