On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien <reyma...@gmail.com> wrote: > Hello users :) > I try to ask a "smart" question on my problem... > > I have some problem with nested subdomain and wildcard openssl certificate.. > perhaps, i don't know, this is because the subdomain type is : > site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like > xxxx.parisgeo.cnrs.fr > … > I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : > > openssl genrsa -des3 -out ca.key 2048 > openssl req -new -x509 -days 3650 -key ca.key -out ca.crt > openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key -out > … > root@xxxx:/etc/ssl# openssl s_client -connect partage.parisgeo.cnrs.fr:443 > … > Verify return code: 18 (self signed certificate) > --- > closed > > The firefox error when i try to connect to the site is : > > An error occurred during a connection to partage.parisgeo.cnrs.fr. > Peer's certificate has an invalid signature. > (Error code: sec_error_bad_signature) >
Firefox will not trust a self signed certificate unless you install the CA certificate into your browser's keychain. Other browsers will ask if you want to accept a self signed certificate. Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
