----- Original Message ----- > Le mer. 14 déc. 2011 13:49:54 CET, Tom Evans a écrit : > > On Wed, Dec 14, 2011 at 12:43 PM, rey sebastien<reyma...@gmail.com> > > wrote: > >> Hello users :) > >> I try to ask a "smart" question on my problem... > >> > >> I have some problem with nested subdomain and wildcard openssl > >> certificate.. > >> perhaps, i don't know, this is because the subdomain type is : > >> site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other > >> subdomain like > >> xxxx.parisgeo.cnrs.fr > >> … > >> I generate my certificate like this (CN = *.parisgeo.cnrs.fr) : > >> > >> openssl genrsa -des3 -out ca.key 2048 > >> openssl req -new -x509 -days 3650 -key ca.key -out ca.crt > >> openssl req -newkey rsa:1024 -nodes -keyout parisgeo.cnrs.fr.key > >> -out > >> … > >> root@xxxx:/etc/ssl# openssl s_client -connect > >> partage.parisgeo.cnrs.fr:443 > >> … > >> Verify return code: 18 (self signed certificate) > >> --- > >> closed > >> > >> The firefox error when i try to connect to the site is : > >> > >> An error occurred during a connection to partage.parisgeo.cnrs.fr. > >> Peer's certificate has an invalid signature. > >> (Error code: sec_error_bad_signature) > >> > > > > Firefox will not trust a self signed certificate unless you install > > the CA certificate into your browser's keychain. Other browsers > > will > > ask if you want to accept a self signed certificate. > > > > Cheers > > > > Tom > > > > Thanks for yout great explain, > I try to connect with chrome, and it's possible to access the > website, > so you're right ... > > Is there any solution to bypass this problem ? With another type of > self signed certificate wich need no CA ? or contain the Ca i don't > know ?
cacert.org will issue free certificates, and, IIRC, also wildcard certificates. They are available in *most* browsers. > Cheers, > SR. i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
