You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Harrell, Roger" <rj...@bechtel.com> on 2004/03/18 18:07:10 UTC

[users@httpd] SSL Testing

I'm setting up a secure server on a Red Hat 9 box with Apache 2.0. I've
followed the instructions on the Red Hat site for generating a self-signed
cert for testing:
https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-secur
eserver-optionalpackages.html

When I try to access the secure server:
https://www.musicwithmeaning.com/index.html

I get a "Page cannot be displayed error"

My ssl error logs show:
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA ==
TRUE !?)

Thoughts/help/direction?

Thanks,
Roger

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SSL Testing

Posted by "Shaun T. Erickson" <st...@smxy.org>.

Harrell, Roger wrote:

> I'm setting up a secure server on a Red Hat 9 box with Apache 2.0. I've
> followed the instructions on the Red Hat site for generating a self-signed
> cert for testing:
> https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-secur
> eserver-optionalpackages.html
> 
> When I try to access the secure server:
> https://www.musicwithmeaning.com/index.html
> 
> I get a "Page cannot be displayed error"
> 
> My ssl error logs show:
> [warn] RSA server certificate is a CA certificate (BasicConstraints: CA ==
> TRUE !?)

Isn't the answer right there in the warning message? It looks like you 
set uo your own Certificate Authority (CA) and instead of using your 
server's key and certificate, signed by that CA, you instead used the 
CA's certificate instead. Make sure you are using the correct certificate.

	-ste

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SSL Testing

Posted by Geoff Hartman <ge...@fivepack.net>.

I had posted a message with a similar question! Are you gettin this in your
logs?

[Mon Mar 15 13:53:47 2004] [error] Init: Unable to read server certificate
from file /usr/local/apache/conf/ssl.crt/server.crt
[Mon Mar 15 13:53:47 2004] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Mar 15 13:53:47 2004] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

Please let me know what you find out...

----- Original Message ----- 
From: "Harrell, Roger" <rj...@bechtel.com>
To: <us...@httpd.apache.org>
Sent: Thursday, March 18, 2004 9:07 AM
Subject: [users@httpd] SSL Testing


> I'm setting up a secure server on a Red Hat 9 box with Apache 2.0. I've
> followed the instructions on the Red Hat site for generating a self-signed
> cert for testing:
>
https://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-secur
> eserver-optionalpackages.html
>
> When I try to access the secure server:
> https://www.musicwithmeaning.com/index.html
>
> I get a "Page cannot be displayed error"
>
> My ssl error logs show:
> [warn] RSA server certificate is a CA certificate (BasicConstraints: CA ==
> TRUE !?)
>
> Thoughts/help/direction?
>
> Thanks,
> Roger
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org