Re: Self signed cert
On 2015-07-04 15:46, Kevin Fries wrote:
> If you are looking to build VMs that are consistent, you should really be
> using Vagrant to build your VMs.

Looks nice, however I am almost done with the VirtualBox vm and do not want to start over... I'll look at it for possible future use.

Thanks!!

--
Keith Smith
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Self signed cert
Is this the correct mapping in my vhost include file?

SSLCertificateFile : /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile: /etc/pki/tls/private/localhost.key
SSLCertificateChainFile : /etc/pki/tls/private/ca.csr

Thanks!!

On 2015-07-04 15:34, JD Austin wrote:
> Usually it's something like this:
>
> # Generate private key
> openssl genrsa -out ca.key 2048
>
> # Generate CSR
> openssl req -new -key ca.key -out ca.csr
>
> # Generate Self Signed Key
> openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt
>
> # Copy the files to the correct locations
> cp ca.crt /etc/pki/tls/certs/localhost.crt
> cp ca.key /etc/pki/tls/private/localhost.key
> cp ca.csr /etc/pki/tls/private/ca.csr

--
Keith Smith
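Added example, not code from any poster in this thread: the `X509_check_private_key:key values mismatch` error quoted above means the certificate and private key Apache loaded do not share a public key. The script reads the paths out of a vhost include, checks the pair the configuration actually names, and rejects a CSR given as SSLCertificateChainFile (that directive expects certificates). The function names, file names and sample configs are constructed, and it assumes one certificate/key pair per include file.

```sh
#!/bin/sh
# Added example, not code from the thread. All file names are constructed.

# Print the public key (PEM) held in a certificate or in a private key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# directive_value CONF NAME -> first argument of the first NAME directive.
# Directive names are matched case-insensitively, as Apache does.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# check_vhost_tls CONF
#   0  certificate and key belong together (and any chain file is a cert)
#   1  key values mismatch: the key is not the one the certificate was made for
#   2  a directive is missing or a file is not what the directive expects
check_vhost_tls() {
    crt=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    chain=$(directive_value "$1" SSLCertificateChainFile)
    if [ -z "$crt" ] || [ -z "$key" ]; then
        echo "$1: SSLCertificateFile or SSLCertificateKeyFile not set"; return 2
    fi
    cpub=$(pubkey_of_cert "$crt") || { echo "$crt: not a certificate"; return 2; }
    kpub=$(pubkey_of_key "$key")  || { echo "$key: not a private key"; return 2; }
    if [ -n "$chain" ] && ! pubkey_of_cert "$chain" >/dev/null; then
        echo "$chain: not a certificate (a CSR is not a chain file)"; return 2
    fi
    if [ "$cpub" != "$kpub" ]; then
        echo "$crt and $key: key values mismatch"; return 1
    fi
    echo "$1: certificate and key match"
}

# make_demo DIR: build constructed sample files and three vhost includes.
make_demo() {
    d=$1
    printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = test-site-name.local\n' \
        > "$d/req.cnf"
    # Key and self-signed certificate that belong together.
    openssl req -x509 -nodes -newkey rsa:2048 -days 30 -config "$d/req.cnf" \
        -keyout "$d/site.key" -out "$d/site.crt" 2>/dev/null
    # A CSR for the same key, and an unrelated second key.
    openssl req -new -key "$d/site.key" -config "$d/req.cnf" -out "$d/site.csr" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$d/site.crt" "$d/site.key" > "$d/good.conf"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$d/site.crt" "$d/other.key" > "$d/mismatch.conf"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\nSSLCertificateChainFile %s\n' \
        "$d/site.crt" "$d/site.key" "$d/site.csr" > "$d/csr-chain.conf"
}

# Demo run over the three constructed includes.
demo_dir=$(mktemp -d)
make_demo "$demo_dir"
for c in good mismatch csr-chain; do
    check_vhost_tls "$demo_dir/$c.conf" || echo "  -> exit status $?"
done
rm -rf "$demo_dir"
```

Run against a real include, `check_vhost_tls /path/to/vhost.conf` tests the files the server will load rather than file names typed by hand.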
Re: Self signed cert
Thanks!!

On 2015-07-04 16:10, Kevin Fries wrote:
> Here is an example... how to fire up a fully operational LAMP stack in
> under 5 minutes. It should work as a template to help build what you want.
>
> Ensure you install the most current version of VirtualBox and Vagrant, then:
>
> open terminal
> $ cd /var/www
> $ mkdir project
> $ cd project
> $ git clone g...@github.com:skecskes/vagrant-centos7-ansible-lamp.git
> $ vagrant up
>
> Enjoy
>
> Hope this helps
> Kevin

--
Keith Smith
Re: Self signed cert
Here is an example... how to fire up a fully operational LAMP stack in under 5 minutes. It should work as a template to help build what you want.

Ensure you install the most current version of VirtualBox and Vagrant, then:

open terminal
$ cd /var/www
$ mkdir project
$ cd project
$ git clone g...@github.com:skecskes/vagrant-centos7-ansible-lamp.git
$ vagrant up

Enjoy

Hope this helps
Kevin
Re: Self signed cert
If you are looking to build VMs that are consistent, you should really be using Vagrant to build your VMs.

Kevin

On Jul 4, 2015 4:41 PM, "Keith Smith" wrote:
> Thanks!!! I'll try this. I'm hoping for one cert for all sites.
Re: Self signed cert
Thanks!!! I'll try this. I'm hoping for one cert for all sites.

On 2015-07-04 15:34, JD Austin wrote:
> Usually it's something like this:
>
> # Generate private key
> openssl genrsa -out ca.key 2048
>
> # Generate CSR
> openssl req -new -key ca.key -out ca.csr
>
> # Generate Self Signed Key
> openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt
>
> # Copy the files to the correct locations
> cp ca.crt /etc/pki/tls/certs/localhost.crt
> cp ca.key /etc/pki/tls/private/localhost.key
> cp ca.csr /etc/pki/tls/private/ca.csr

--
Keith Smith
Re: Self signed cert
Usually it's something like this:

# Generate private key
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 999 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs/localhost.crt
cp ca.key /etc/pki/tls/private/localhost.key
cp ca.csr /etc/pki/tls/private/ca.csr

--
JD Austin
Voice: 480.269.4335 (480 2MY Geek)
j...@twingeckos.com

On Fri, Jul 3, 2015 at 8:17 PM, Keith Smith wrote:

> It was easier to just start over - 20 min and the cert is not an issue any
> longer.
>
> On 2015-07-03 18:39, Keith Smith wrote:
>
>> Hi,
>>
>> I'm setting up a VirtualBox and am setting up a VM using CentOS 6.6.
>> Everything was running and I could see default welcome page in desktop
>> by using the IP for the URL.
>>
>> Then I wanted to configure a virtual host as a dev / test site.
>>
>> I tried creating the SSL Cert by using openssl.
>>
>> # cd /etc/pki/tls/certs
>> # make mycert.pem
>>
>> This confused me. I noticed there was a file
>> /etc/pki/tls/localhost.crt that had been created today so I deleted
>> it.
>>
>> Then I used the command:
>>
>> openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout /etc/httpd/ssl/test-site-name.key -out /etc/httpd/ssl/test-site-name.crt
>>
>> Which created the certs.
>>
>> I configured the virtual host and when I restarted Apache it just
>> fails w/o any message.
>>
>> The logs:
>>
>> tail error_log
>> [Fri Jul 03 17:49:36 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 17:51:27 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 17:52:28 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 17:56:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 17:57:13 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 17:57:19 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 17:59:35 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 18:02:14 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 18:02:46 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Fri Jul 03 18:03:17 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>>
>> tail ssl_error_log
>> [Fri Jul 03 18:02:14 2015] [error] Unable to configure RSA server private key
>> [Fri Jul 03 18:02:14 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Jul 03 18:02:46 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
>> [Fri Jul 03 18:02:46 2015] [error] Unable to configure RSA server private key
>> [Fri Jul 03 18:02:46 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Jul 03 18:03:17 2015] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
>> [Fri Jul 03 18:03:17 2015] [error] Unable to configure RSA server private key
>> [Fri Jul 03 18:03:17 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>>
>> Tried:
>>
>> openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
>> openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
>>
>> and got matching numbers.
>>
>> Any help is much appreciated.
>
> --
> Keith Smith
Re: Self signed cert for multiple websites
On 2015-07-04 08:53, Stephen Partington wrote:
> https://blog.celogeek.com/201209/209/how-to-create-a-self-signed-wildcard-certificate/

After reading a bit about this I assume I use the host name which is something like servername.domain.local.

When asked "Common Name (eg, your name or your server's hostname) []:" I enter *.domain.local. (hostname)

Which will create a server wide wild card cert that will work with MyTestSite.local, MyOtherSite.local ... etc.

Do I understand correctly?

And should work with sub-domains as well such as shop.MyTestSite.local, shop.MyOtherSite.local... etc.

One cert for all.

Thanks again for all your help!!

Keith
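Added example, not code from the thread or from the linked blog post: it builds two self-signed certificates and asks OpenSSL which host names each one covers, so the wildcard question above can be tested directly. One certificate has only the Common Name `*.domain.local`; the other lists each dev site and a wildcard for its sub-domains in subjectAltName and sets `CA:FALSE`. The function names, `dev-vm.local` and the lower-cased site names are constructed.

```sh
#!/bin/sh
# Added example, not code from the thread. Host names are constructed.

# make_cert OUTBASE CN [SAN-LIST]
#   Writes OUTBASE.key and OUTBASE.crt (self-signed, not a CA certificate).
#   SAN-LIST is an openssl subjectAltName value such as
#   "DNS:a.local, DNS:*.a.local"; when omitted only the CN names the host.
make_cert() {
    cnf="$1.cnf"
    {
        printf '[req]\ndistinguished_name = dn\nx509_extensions = v3\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$2"
        printf '[v3]\nbasicConstraints = CA:FALSE\n'
        [ -z "${3:-}" ] || printf 'subjectAltName = %s\n' "$3"
    } > "$cnf"
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 -config "$cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# covers CERT HOST -> exit 0 when OpenSSL's host name check accepts HOST.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# report CERT HOST... -> one line per host.
report() {
    c=$1; shift
    for h in "$@"; do
        if covers "$c" "$h"; then
            echo "  $h: covered"
        else
            echo "  $h: NOT covered"
        fi
    done
}

work=$(mktemp -d)

# Certificate 1: the wildcard Common Name discussed in the thread, no SAN.
make_cert "$work/wild" '*.domain.local'

# Certificate 2: one certificate naming every dev site and its sub-domains.
make_cert "$work/multi" 'dev-vm.local' \
    'DNS:mytestsite.local, DNS:*.mytestsite.local, DNS:anothertestsite.local, DNS:*.anothertestsite.local'

echo 'CN=*.domain.local, no subjectAltName:'
report "$work/wild.crt" servername.domain.local mytestsite.local shop.mytestsite.local

echo 'subjectAltName list:'
report "$work/multi.crt" mytestsite.local shop.mytestsite.local \
    anothertestsite.local a.b.mytestsite.local dev-vm.local

rm -rf "$work"
```

A wildcard stands for exactly one label, so `*.domain.local` covers `servername.domain.local` but neither `mytestsite.local` nor `shop.mytestsite.local`. OpenSSL consults the Common Name only when the certificate has no DNS subjectAltName entries, and current browsers match subjectAltName only, so every name a site is reached by belongs in that list.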
Re: Happy Independence Day
On 04 Jul 2015, Keith Smith chatted:

Hello,

> Happy 4th to all!!

Thanks. You too. Hope it's full of friends and family and outbound airborne explosions.

ciao,

der.hans
--
# http://www.LuftHans.com/ http://www.PhxLinux.org/
# "Rock 'n' roll might not solve your problems, but it does let you dance
# all over them." -- Pete Townsend
Happy Independence Day
Happy 4th to all!!

--
Keith Smith
Re: Self signed cert for multiple websites
On 2015-07-04 08:53, Stephen Partington wrote:
> https://blog.celogeek.com/201209/209/how-to-create-a-self-signed-wildcard-certificate/

Thanks!!

--
Keith Smith
Re: Self signed cert for multiple websites
https://blog.celogeek.com/201209/209/how-to-create-a-self-signed-wildcard-certificate/

On Sat, Jul 4, 2015 at 8:39 AM, Keith Smith wrote:

> On 2015-07-04 07:53, Stephen Partington wrote:
>
>> As long as the "domain" remains the same the same cert should work.
>> Once that changes you will need a new cert.
>
> I will be creating multiple test sites. Each with a unique domain such as
> mytestsite.local and anothertestsite.local, each having its own virtual
> host and docroot.
>
> How do I create a unique cert for each domain?
>
> There are a number of questions that are asked during the cert creation.
>
> Country Name (2 letter code) [GB]:
> State or Province Name (full name) [Berkshire]:
> Locality Name (eg, city) [Newbury]:
> Organization Name (eg, company) [My Company Ltd]:
> Organizational Unit Name (eg, section) []:
> Common Name (eg, your name or your server's hostname) []:
> Email Address []:
> An optional company name []:
>
> I assume what makes each cert unique is the answer to "Common Name (eg,
> your name or your server's hostname)". I enter the domain name not the
> FQDN or hostname of the server.
>
> Or maybe each cert is unique and by associating it with the domain and
> adding the exception to the browser is all that is needed?
>
> I am rather new to creating self signed certs and the above is an
> assumption.
>
> Any guidance is much appreciated.
>
> Keith
>
>> On Sat, Jul 4, 2015 at 6:04 AM, Keith Smith wrote:
>>
>>> Hi,
>>>
>>> I've configured a VM using VirtualBox and it is running CentOS 6.6.
>>>
>>> To create the self signed cert I followed 3 steps:
>>>
>>> 1) mkdir /etc/httpd/ssl
>>>
>>> 2) cd /etc/httpd/ssl
>>>
>>> 3) openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout /etc/httpd/ssl/name-of-my-test-site.key -out /etc/httpd/ssl/name-of-my-test-site.crt
>>>
>>> I've tested the cert and it works.
>>>
>>> Now I want to add more test sites to my VM.
>>>
>>> I've done some research and am not finding any information about
>>> how to configure the self signed cert(s) for multiple sites. From
>>> reading the docs it appears that I create one cert for the box and
>>> it will be used by all the sites on my box (test/dev VM). Is this
>>> true or do I need to create a cert specific for each virtual host?
>>> If I need to create a cert for each virtual host, how do I do so?
>>>
>>> Thank you so much for all your help!!
>>>
>>> --
>>> Keith Smith

--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
Re: Self signed cert for multiple websites
On 2015-07-04 07:53, Stephen Partington wrote:

> As long as the "domain" remains the same the same cert should work.
> Once that changes you will need a new cert.

I will be creating multiple test sites. Each with a unique domain such as mytestsite.local and anothertestsite.local, each having its own virtual host and docroot.

How do I create a unique cert for each domain?

There are a number of questions that are asked during the cert creation.

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
An optional company name []:

I assume what makes each cert unique is the answer to "Common Name (eg, your name or your server's hostname)". I enter the domain name not the FQDN or hostname of the server.

Or maybe each cert is unique and by associating it with the domain and adding the exception to the browser is all that is needed?

I am rather new to creating self signed certs and the above is an assumption.

Any guidance is much appreciated.

Keith

> On Sat, Jul 4, 2015 at 6:04 AM, Keith Smith wrote:
>
>> Hi,
>>
>> I've configured a VM using VirtualBox and it is running CentOS 6.6.
>>
>> To create the self signed cert I followed 3 steps:
>>
>> 1) mkdir /etc/httpd/ssl
>>
>> 2) cd /etc/httpd/ssl
>>
>> 3) openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout /etc/httpd/ssl/name-of-my-test-site.key -out /etc/httpd/ssl/name-of-my-test-site.crt
>>
>> I've tested the cert and it works.
>>
>> Now I want to add more test sites to my VM.
>>
>> I've done some research and am not finding any information about
>> how to configure the self signed cert(s) for multiple sites. From
>> reading the docs it appears that I create one cert for the box and
>> it will be used by all the sites on my box (test/dev VM). Is this
>> true or do I need to create a cert specific for each virtual host?
>> If I need to create a cert for each virtual host, how do I do so?
>>
>> Thank you so much for all your help!!
>>
>> --
>> Keith Smith

--
Keith Smith
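Added example, not part of the thread or any poster's code: a shell sketch of the per-site approach asked about above, generating one key/cert pair per test domain with the same `openssl req -x509` options the original post used. The function names, the temporary output directory and the per-site config file (which also sets subjectAltName and CA:FALSE, going beyond what the thread discusses) are assumptions of this example.

```shell
#!/bin/sh
# Added example: one self-signed cert per test site.
# Site names come from the thread; the temp output directory is an assumption.

make_site_cert() {   # $1 = site name, $2 = output directory
    site=$1 out=$2
    # Per-site config: the name goes into both CN and subjectAltName, and the
    # cert is marked as a non-CA cert. Uses -config, so it also works on
    # OpenSSL releases that predate -addext.
    cat > "$out/$site.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $site
[v3]
subjectAltName = DNS:$site
basicConstraints = CA:FALSE
EOF
    # umask keeps the unencrypted (-nodes) private key readable by owner only.
    ( umask 077
      openssl req -x509 -nodes -days 4000 -newkey rsa:2048 \
          -config "$out/$site.cnf" \
          -keyout "$out/$site.key" -out "$out/$site.crt" 2>/dev/null )
}

cert_lists_name() {  # $1 = cert file, $2 = host name; plain text match on SAN
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

key_matches_cert() { # $1 = cert file, $2 = key file; true if same RSA modulus
    m=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$m" ] && [ "$m" = "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

# Demo: two sites, two independent key/cert pairs.
demo_dir=$(mktemp -d)
for s in mytestsite.local anothertestsite.local; do
    make_site_cert "$s" "$demo_dir" || echo "openssl failed for $s"
done
cert_lists_name "$demo_dir/mytestsite.local.crt" mytestsite.local \
    && echo "cert names its own site"
key_matches_cert "$demo_dir/mytestsite.local.crt" \
    "$demo_dir/anothertestsite.local.key" \
    || echo "a cert does not pair with another site's key"
```

Each Apache virtual host would then point its `SSLCertificateFile` and `SSLCertificateKeyFile` at its own pair, and running `key_matches_cert` on that pair before restarting Apache confirms the two files belong together.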
Re: Self signed cert for multiple websites
As long as the "domain" remains the same the same cert should work. Once that changes you will need a new cert.

On Sat, Jul 4, 2015 at 6:04 AM, Keith Smith wrote:

> Hi,
>
> I've configured a VM using VirtualBox and it is running CentOS 6.6.
>
> To create the self signed cert I followed 3 steps:
>
> 1) mkdir /etc/httpd/ssl
>
> 2) cd /etc/httpd/ssl
>
> 3) openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout /etc/httpd/ssl/name-of-my-test-site.key -out /etc/httpd/ssl/name-of-my-test-site.crt
>
> I've tested the cert and it works.
>
> Now I want to add more test sites to my VM.
>
> I've done some research and am not finding any information about how to
> configure the self signed cert(s) for multiple sites. From reading the
> docs it appears that I create one cert for the box and it will be used by
> all the sites on my box (test/dev VM). Is this true or do I need to create
> a cert specific for each virtual host? If I need to create a cert for each
> virtual host, how do I do so?
>
> Thank you so much for all your help!!
>
> --
> Keith Smith

--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
Self signed cert for multiple websites
Hi,

I've configured a VM using VirtualBox and it is running CentOS 6.6.

To create the self signed cert I followed 3 steps:

1) mkdir /etc/httpd/ssl

2) cd /etc/httpd/ssl

3) openssl req -x509 -nodes -days 4000 -newkey rsa:2048 -keyout /etc/httpd/ssl/name-of-my-test-site.key -out /etc/httpd/ssl/name-of-my-test-site.crt

I've tested the cert and it works.

Now I want to add more test sites to my VM.

I've done some research and am not finding any information about how to configure the self signed cert(s) for multiple sites. From reading the docs it appears that I create one cert for the box and it will be used by all the sites on my box (test/dev VM). Is this true or do I need to create a cert specific for each virtual host? If I need to create a cert for each virtual host, how do I do so?

Thank you so much for all your help!!

--
Keith Smith