Self signed cert
Keith Smith
techlists at phpcoderusa.com
Sat Jul 4 15:56:47 MST 2015
On 2015-07-04 15:46, Kevin Fries wrote:
> If you are looking to build VMs that are consistent, you should really
> be using Vagrant to build your VMs.
Looks nice, however I am almost done with the VirtualBox vm and do not
want to start over... I'll look at it for possible future use.
Thanks!!
>
> Kevin
> On Jul 4, 2015 4:41 PM, "Keith Smith" <techlists at phpcoderusa.com>
> wrote:
>
>> Thanks!!! I'll try this. I'm hoping for once cert for all
>> sites.
>>
>> On 2015-07-04 15:34, JD Austin wrote:
>> Usually it's something like this:
>>
>> # Generate private key
>> openssl genrsa -out ca.key 2048
>>
>> # Generate CSR
>> openssl req -new -key ca.key -out ca.csr
>>
>> # Generate Self Signed Key
>> openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt
>>
>> # Copy the files to the correct locations
>> cp ca.crt /etc/pki/tls/certs/localhost.crt
>> cp ca.key /etc/pki/tls/private/localhost.key
>> cp ca.csr /etc/pki/tls/private/ca.csr
>>
>> -- JD Austin
>> Voice: 480.269.4335 [1] (480 2MY Geek)
>> jd at twingeckos.com
>>
>> On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith
>> <techlists at phpcoderusa.com> wrote:
>>
>> It was easier to just start over - 20 min and the cert is not an
>> issue any longer.
>>
>> On 2015-07-03 18:39, Keith Smith wrote:
>>
>> Hi,
>>
>> I'm setting up a VirtualBox and am setting up a VM using CentOS
>> 6.6.
>> Everything was running and I could see default welcome page in
>> desktop
>> by using the IP for the URL.
>>
>> Then I wanted to configure a virtual host as a dev / test site.
>>
>> I tried creating the SSL Cert by using openssl.
>>
>> # cd /etc/pki/tls/certs
>> # make mycert.pem
>>
>> This confused me. I noticed there was a file
>> /etc/pki/tls/localhost.crt that had been created today so I
>> deleted
>> it.
>>
>> Ten I using the command:
>>
>> openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout
>> /etc/httpd/ssl/test-site-name.key -out
>> /etc/httpd/ssl/test-site-name.crt
>>
>> Which created the certs.
>>
>> I configured the virtual host and when I restarted Apache it just
>> fails w/o any message.
>>
>> The logs:
>>
>> tail error_log
>> [Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>> [Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled
>> (wrapper:
>> /usr/sbin/suexec)
>>
>> tail ssl_error_log
>> [Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server
>> private key
>> [Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780
>> error:0B080074:x509 certificate
>> routines:X509_check_private_key:key
>> values mismatch
>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA
>> certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate
>> CommonName
>> (CN) `localhost.localdomain' does NOT match server name!?
>> [Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server
>> private key
>> [Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780
>> error:0B080074:x509 certificate
>> routines:X509_check_private_key:key
>> values mismatch
>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA
>> certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate
>> CommonName
>> (CN) `localhost.localdomain' does NOT match server name!?
>> [Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server
>> private key
>> [Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780
>> error:0B080074:x509 certificate
>> routines:X509_check_private_key:key
>> values mismatch
>>
>> Tried:
>>
>> openssl x509 -noout -modulus -in your_domain_com.crt | openssl
>> md5
>> openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
>>
>> and got matching numbers.
>>
>> Any help is much appreciated.
>>
>> --
>> Keith Smith
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2] [1]
>
> Links:
> ------
> [1] http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
>
> --
> Keith Smith
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2]
>
> Links:
> ------
> [1] tel:480.269.4335
> [2] http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
Keith Smith
More information about the PLUG-discuss
mailing list