Re: configure a test SSL

Mon, 31 Aug 2009 19:23:17 -0700 

Made those three changes and now FireFox says

Secure Connection Failed

newcart.dev uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_untrusted_issuer)

---

I added an exception to FireFox and now it works!!!!!

Thanks to everyone who pushed me in the right direction!!

------------------------
Keith Smith


--- On Mon, 8/31/09, Alex Dean <a...@crackpot.org> wrote:

> From: Alex Dean <a...@crackpot.org>
> Subject: Re: configure a test SSL
> To: "Main PLUG discussion list" <plug-discuss@lists.plug.phoenix.az.us>
> Date: Monday, August 31, 2009, 7:06 PM
> On Aug 31, 2009, at 8:50 PM, keith
> smith wrote:
> 
> > Here it is.  Thanks!
> > 
> > Also log shows this about 10 times
> > 
> > [Mon Aug 31 18:30:09 2009] [warn] RSA server
> certificate CommonName (CN) `newcart.dev' does NOT match
> server name!?
> > 
> > 
> > 
> > <VirtualHost 192.168.20.20:443>
> >   DocumentRoot "/work/dev/newcart.dev"
> >   ServerName newcart.dev:443
> >   ErrorLog logs/ssl_error_log
> >   TransferLog logs/ssl_access_log
> >   ##LogLevel warn
> > 
> >   LogLevel debug
> > 
> >   ##SSLEngine on
> >   ##SSLProtocol all -SSLv2
> >   ##SSLCipherSuite
> ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> >   ##SSLCertificateFile
> /etc/pki/tls/certs/localhost.crt
> >   ##SSLCertificateKeyFile
> /etc/pki/tls/private/localhost.key
> >   #SSLCertificateChainFile
> /etc/pki/tls/certs/server-chain.crt
> >   #SSLCACertificateFile
> /etc/pki/tls/certs/ca-bundle.crt
> > 
> >   ##<Files ~
> "\.(cgi|shtml|phtml|php3?)$">
> >   ##    SSLOptions
> +StdEnvVars
> >   ##</Files>
> >   ##<Directory
> "/var/www/cgi-bin">
> >   ##    SSLOptions
> +StdEnvVars
> >   ##</Directory>
> > 
> >   ##SetEnvIf User-Agent ".*MSIE.*" \
> >   ##      nokeepalive
> ssl-unclean-shutdown \
> >   ##      downgrade-1.0
> force-response-1.0
> > 
> >   ##CustomLog logs/ssl_request_log \
> >   ##       "%t
> %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > 
> > </VirtualHost>
> > 
> 
> ok, with all that stuff commented out, the browser sends
> you an ssl request, and you answer in plaintext.  Chaos
> ensues.  (The server doesn't 'know' that its supposed
> to speak ssl on port 443.  That's a common convention,
> but not a technical requirement.)
> 
> The only must-have directives are SSLEngine on,
> SSLCertificateFile, and SSLCertificateKeyFile (that file
> should only be readable by root, btw).  Everything else
> seems fine at a glance, but you can leave the rest commented
> out while you're debugging.
> 
> alex
> 
> -----Inline Attachment Follows-----
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail
> settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


      
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Reply via email to