Made those three changes and now FireFox says Secure Connection Failed
newcart.dev uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer) --- I added an exception to FireFox and now it works!!!!! Thanks to everyone who pushed me in the right direction!! ------------------------ Keith Smith --- On Mon, 8/31/09, Alex Dean <a...@crackpot.org> wrote: > From: Alex Dean <a...@crackpot.org> > Subject: Re: configure a test SSL > To: "Main PLUG discussion list" <plug-discuss@lists.plug.phoenix.az.us> > Date: Monday, August 31, 2009, 7:06 PM > On Aug 31, 2009, at 8:50 PM, keith > smith wrote: > > > Here it is. Thanks! > > > > Also log shows this about 10 times > > > > [Mon Aug 31 18:30:09 2009] [warn] RSA server > certificate CommonName (CN) `newcart.dev' does NOT match > server name!? > > > > > > > > <VirtualHost 192.168.20.20:443> > > DocumentRoot "/work/dev/newcart.dev" > > ServerName newcart.dev:443 > > ErrorLog logs/ssl_error_log > > TransferLog logs/ssl_access_log > > ##LogLevel warn > > > > LogLevel debug > > > > ##SSLEngine on > > ##SSLProtocol all -SSLv2 > > ##SSLCipherSuite > ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW > > ##SSLCertificateFile > /etc/pki/tls/certs/localhost.crt > > ##SSLCertificateKeyFile > /etc/pki/tls/private/localhost.key > > #SSLCertificateChainFile > /etc/pki/tls/certs/server-chain.crt > > #SSLCACertificateFile > /etc/pki/tls/certs/ca-bundle.crt > > > > ##<Files ~ > "\.(cgi|shtml|phtml|php3?)$"> > > ## SSLOptions > +StdEnvVars > > ##</Files> > > ##<Directory > "/var/www/cgi-bin"> > > ## SSLOptions > +StdEnvVars > > ##</Directory> > > > > ##SetEnvIf User-Agent ".*MSIE.*" \ > > ## nokeepalive > ssl-unclean-shutdown \ > > ## downgrade-1.0 > force-response-1.0 > > > > ##CustomLog logs/ssl_request_log \ > > ## "%t > %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > > > </VirtualHost> > > > > ok, with all that stuff commented out, the browser sends > you an ssl request, and you answer in plaintext. Chaos > ensues. (The server doesn't 'know' that its supposed > to speak ssl on port 443. That's a common convention, > but not a technical requirement.) > > The only must-have directives are SSLEngine on, > SSLCertificateFile, and SSLCertificateKeyFile (that file > should only be readable by root, btw). Everything else > seems fine at a glance, but you can leave the rest commented > out while you're debugging. > > alex > > -----Inline Attachment Follows----- > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail > settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss