Hello users :) I'll try to ask a "smart" question about my problem...
I have a problem with nested subdomains and a wildcard OpenSSL certificate. Perhaps, I don't know, this is because the subdomains are of the form site1.parisgeo.cnrs.fr, site2.parisgeo.cnrs.fr, or other subdomains like xxxx.parisgeo.cnrs.fr.
When I create the self-signed certificate, I enter CN = *.parisgeo.cnrs.fr, but it seems it's impossible to connect to a site such as partage.parisgeo.cnrs.fr with this configuration! Arg.
My virtualhost and my apache2 conf *work* without a wildcard certificate, so I think the problem is not there:
The port.conf:

    NameVirtualHost *:443
    Listen 443

An example virtualhost I have:

    <VirtualHost *:443>
        ServerName partage.parisgeo.cnrs.fr
        ServerAlias www.partage.parisgeo.cnrs.Fr
        DocumentRoot /var/www/owncloud
        <Directory /var/www/owncloud>
            Options -Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/ssl/parisgeo.cnrs.fr.crt
        SSLCertificateKeyFile /etc/ssl/parisgeo.cnrs.fr.key
    </VirtualHost>

I generate my certificate like this (CN = *.parisgeo.cnrs.fr):

    openssl genrsa -des3 -out ca.key 2048
    openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
    openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out parisgeo.cnrs.fr.csr
    openssl x509 -req -days 3650 -in parisgeo.cnrs.fr.csr -CA ca.crt -CAcreateserial -CAkey ca.key -out parisgeo.cnrs.fr.crt

The permissions on my generated key files:

    -rw-r--r-- 1 root root 1424 14 déc. 11:51 ca.crt
    -rw-r--r-- 1 root root 1743 14 déc. 11:50 ca.key
    -rw-r--r-- 1 root root 17 14 déc. 12:13 ca.srl
    -rw-r--r-- 1 root root 981 14 déc. 12:13 parisgeo.cnrs.fr.crt
    -rw-r--r-- 1 root root 627 14 déc. 12:08 parisgeo.cnrs.fr.csr
    -rw-r--r-- 1 root root 891 14 déc. 12:08 parisgeo.cnrs.fr.key

When I try to connect and test the certificate with openssl:

    root@xxxx:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443
    CONNECTED(00000003)
    depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 /C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
    verify return:1
    ---
    Certificate chain
     0 s:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
       i:/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
    ---
    Server certificate
    ----BEGIN CERTIFICATE-----
    ..... blabla .....
    -----BEGIN CERTIFICATE-----
    subject=/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
    issuer=/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1253 bytes and written 319 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : DHE-RSA-AES256-SHA
        Session-ID: 7642C70A1E358CAA5901C060A26655DE3AF0BA683C9A598BA7C4B14FF108ADD7
        Session-ID-ctx:
        Master-Key: 65184165198498498484 6516511321584831181468469431688132138498
        Key-Arg : None
        Start Time: 1323862629
        Timeout : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    closed

The Firefox error when I try to connect to the site is:

    An error occurred during a connection to partage.parisgeo.cnrs.fr.
    Peer's certificate has an invalid signature.
    (Error code: sec_error_bad_signature)

If you have any idea to help me resolve this problem... Thanks a lot! SR.
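A diagnostic sketch for the s_client output above, where a certificate signed with ca.key shows an issuer identical to its own subject; it is an added example, not part of the original post. It rebuilds a CA/leaf pair twice in a temp directory, once with the same DN on both and once with a distinct CA name, and classifies each pair; `CA_DN`, the file names and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example: DNs, file names and the temp directory are constructed.
LEAF_DN='/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=*.parisgeo.cnrs.fr'  # DN shown by s_client
CA_DN='/C=FR/ST=IDF/L=PARIS/O=CNRS/CN=Example Test CA'       # hypothetical distinct CA name

# Print the subject or issuer DN of a certificate without its "subject=" label.
dn_of() { openssl x509 -in "$2" -noout "-$1" | sed 's/^[a-z]*= *//'; }

# Print a SHA-256 digest of the certificate's public key.
key_of() { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256; }

# Build a CA with DN $2 and a CA-signed leaf with DN $3 in directory $1
# (throwaway 2048-bit keys, no passphrase, one-day validity).
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/leaf.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/leaf.crt" 2>/dev/null
}

# Classify a CA/leaf pair as "wrong-ca", "dn-collision" or "ok".
check_pair() {  # usage: check_pair ca.crt leaf.crt
    if [ "$(dn_of issuer "$2")" != "$(dn_of subject "$1")" ]; then
        echo wrong-ca        # leaf was not issued under this CA's name
    elif [ "$(dn_of subject "$2")" = "$(dn_of subject "$1")" ] &&
         [ "$(key_of "$2")" != "$(key_of "$1")" ]; then
        echo dn-collision    # leaf names itself as issuer but holds another key
    else
        echo ok
    fi
}

# Run both cases and print "<same-DN result> <distinct-DN result>".
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/same" "$d/distinct"
    make_pair "$d/same" "$LEAF_DN" "$LEAF_DN" &&
    make_pair "$d/distinct" "$CA_DN" "$LEAF_DN" &&
    echo "$(check_pair "$d/same/ca.crt" "$d/same/leaf.crt")" \
         "$(check_pair "$d/distinct/ca.crt" "$d/distinct/leaf.crt")"
    rm -rf "$d"
}
demo
```

Running `check_pair ca.crt parisgeo.cnrs.fr.crt` against real files reports `dn-collision` when the CA and the server certificate carry the same DN but different keys.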