PLease post in plain text - my mail client doesn't handle HTML mail... The thing you type into the browser's Location window has to match what's in the cert. Does it? If you are doing all this on a standalone laptop, I doubt it.
-----Original Message----- From: Aihong Yin [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 29. Januar 2003 12:07 To: [EMAIL PROTECTED] Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!? Hello Owen and Toftum, thanks for your mail. Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 7.1).I have created a SSL server certificate using a self-made CA, and am sure thatthe Common Name in the Server Certificate und ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is identical with the host address. Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein the SSL VH config? Do you mean that I should configure VirtualHost in the http.conf file? But I think the Virtual Host is used for the case of more than one web site running on a single machine. Is this correct? On my Laptop there is only one web site "yin.fokus.gmd.de". I now have tried to configure VirtualHost and it is the same error. If so, are you sure the certificate's common name is yin.fokus.gmd.de?Don't just say "Yes", check it with: openssl x509 -subject -in /path/to/certthen see what "CN=" is set to. I have checked it and They are the same ("CN=" is set to "yin.fokus.gmd.de). I now start apache with "apachect1 startssl"and get the following messagein error_log file, but no errors in the console---->[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret for digest authentication ...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured-- resuming normal operations<---if I try and access the secure site (https://yin.fokus.gmd.de) I get the following error message in browser(but I can start the normal site http://yin.fokus.gmd.de):------>The server's certificate has an invalid signature. You will not be able to connect to this site securely.<------ Your domain name is not in public DNS so I suppose you do this locally. You are right. I try this on my laptop for our future projekt. Shoud I use the IP address and not host name in the server certificate? but it is changed frequently. Best Regards, Aihong Yin. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
