On Fri, 28 Nov 2003, Jared Pritchard wrote: Hi,
sounds like maybe you are editing the wrong config files and/or starting the wrong daemon.. ie httpsdctl and httpsd.conf We generate our own CA and certificates all the time and it might be that your apache is not reading the same file as you edited... Without seeing the directory and configuration files in their entirety its just guessing, but I hope this helps, cheers kind regards, Norman > Hello. > Our security certificate is going to expire on the 11-12-03. > I'm new to this business since the original was implemented. Back then, it > was done via Equifax. > > The old keys etc. went under the default names of 'server.key' > 'server.crt' and so on > > I have generated a new key for the business and named it > 'waterexchange.key' to make it a bit easier to identify.... (our website is > www.waterexchange.com.au) > Then I generated a Certificate Request & sent that off to GeoTrust who then > generated the signed certificate. > > Then I installed that certificate under 'waterexchange.crt' - > So far so good. Using the openssl I can read the certificate and all the > output seems fine. It has all our details such as the common name etc. as it > should be. > > Now - > > I have edited the httpd.conf file to point to the new files as above, then > restarted apache & httpd using > > apachectl restart > httpd restart > > ... > ... > ... > > In theory, this should set the new certificates in motion.... ?? > > But a quick test on the webpage (change http:// to https://) by opening the > certificate info still displays the old stuff. > I thought somehow it might store that info in cache so I tried on other > computers that had never been to the site (at least not the ssl areas)- > tried all > sorts of things - nothing. Old cert. > > So I tried > > apachectl stop > apachectl start > > and the corresponding commands for httpd but still nothing... > > Any ideas??? > We are running RedHat / Apache / MOD SSL > I think it's RedHat 7.3 (Had to be for a RADIUS server) > Apache is V 1.3.23-11 > openssl is V 0.9.6b-18 > > Does the original certificate have to run out first??? > If so - how does that work? If we've referenced to the new certs shouldn't > it load those details... > unless there's a central registry or something...? Perhaps at GeoTrust.? > > Anyway - I;m lost.... any help will be greatly appreciated. : ) > A point in the right direction even? > > Regards, > Jared Pritchard > Waterexchange Pty. Ltd. -- Epsilon-6! Ph:+612 8807-4780 Fax: +612 8807-4498 E-Solutions for BSD and Linux http://www.paladincorp.com.au/ -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
