Hi,

What's weird is that HTTPS works in Konqueror (after importing the
root CA), but not in Firefox.

And if I autosign the request everything works. It's only if I sign it
with the cacert.

I'm wondering if one of these points may be the cause:

 1 the CA is a 4096 bytes key
 2 When issuing the request I modify the subjectAltName
with two IP addresses and two DNS names and the subject with
two CNs corresponding to the two DNS names

Could this be a bad idea?

Johnny Gonzalez wrote:

>Hello Benoit,
>
>To issue the server certificate, you can use OpenCA's
>interface, the third phase of the initialization
>(Create the initial RA certificate), just follow the
>steps, and in the fourth step (Handle the
>certificate), after that, select to download the
>certificate through mod_ssl and the certificate and
>the private key will be shown on the screen in base64
>format. Select each of them (certificate and private
>key) and store them in separate files with the name
>you want for them, then use them with apache as you
>usually do.
>
>Hope this helps,
>Johnny
>
> --- Benoit Plessis <[EMAIL PROTECTED]> wrote:
>
>>Hello,
>>
>>I'm tweaking with a simple OpenCA PKI and today
>>something weird
>>happened, I created a private key for the server
>>using:
>>openssl genrsa -des3 1024 > serv.key
>>openssl req -new -key serv.key > serv.csr
>>
>>Then I send the request through the OpenCA public
>>interface and
>>sign it via the CA interface (same method used for
>>our VPN boxes).
>>
>>After that I configure apache-ssl with the new cert
>>and
>>I test a page using openssl s_client, which says that
>>there is an autosigned
>>cert in the chain (my CA cert). Using wget
>>everything is OK, but
>>using Firefox I got a 'certificate invalid or
>>corrupt' message with an
>>error code of -8101.
>>
>>Any idea?
>>
>>Regards,
>>Benoit Plessis
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
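
The two points raised in the top message (several SAN entries and two CNs on a CA-signed certificate) can be tried offline against a throwaway CA. This is an added example and not part of the original thread. All names, addresses and file names are constructed, and the `sslserver` purpose check with the second, client-only certificate is an assumption about what is worth checking beyond the chain itself.

```shell
#!/bin/sh
# Added lab example: every name, address and file below is constructed.
lab=$(mktemp -d)
cat > "$lab/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
# Throwaway root CA (2048-bit to keep the run short; the thread's CA key is larger).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$lab/ca.cnf" \
  -keyout "$lab/ca.key" -out "$lab/ca.pem" 2>/dev/null

# issue NAME EKU: CSR with two CNs, signed with two DNS and two IP SAN entries.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$lab/ca.cnf" \
    -subj "/CN=www.example.test/CN=alt.example.test" \
    -keyout "$lab/$1.key" -out "$lab/$1.csr" 2>/dev/null
  printf '%s\n' "basicConstraints = CA:FALSE" "extendedKeyUsage = $2" \
    "subjectAltName = DNS:www.example.test,DNS:alt.example.test,IP:192.0.2.10,IP:192.0.2.11" \
    > "$lab/$1.ext"
  openssl x509 -req -in "$lab/$1.csr" -CA "$lab/ca.pem" -CAkey "$lab/ca.key" \
    -CAcreateserial -days 1 -extfile "$lab/$1.ext" -out "$lab/$1.pem" 2>/dev/null
}

# chain_ok CERT: true if CERT chains to the lab CA and is usable as a TLS server cert.
chain_ok() {
  openssl verify -purpose sslserver -CAfile "$lab/ca.pem" "$1" 2>&1 | grep -q ': OK$'
}

# san_count CERT KIND: number of SAN entries of KIND ("DNS" or "IP Address").
san_count() {
  openssl x509 -in "$1" -noout -text | grep -o "$2:[^,]*" | wc -l | tr -d ' '
}

issue web serverAuth      # intended server certificate
issue client clientAuth   # same names, wrong purpose
chain_ok "$lab/web.pem" && echo "web: chain and server purpose OK"
chain_ok "$lab/client.pem" || echo "client: rejected for TLS server use"
echo "web SAN: $(san_count "$lab/web.pem" DNS) DNS, $(san_count "$lab/web.pem" 'IP Address') IP"
```

Running the same `openssl verify -purpose sslserver` and `openssl x509 -noout -text` commands against the certificate issued by the real CA shows whether the chain, the purpose extensions or the SAN entries differ from this lab result.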
