You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ed...@ita.org.mo on 2007/09/21 16:50:59 UTC
[users@httpd] https can;t be good for work
Dear All,
I can't to enable the https as the following :
<VirtualHost webmail.ita.org.mo>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>
<VirtualHost webmail.ita.org.mo>
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Max Users
Posted by Joshua Slive <jo...@slive.ca>.
On 9/21/07, James Sherwood <js...@rgisolutions.com> wrote:
> My understanding if you dont have that directive the max is 250.
>
> I have tried hitting it with 1000 concurrent connections and it does not
> throw a server too busy error.
See the ListenBacklog directive.
Apache does not send a nicely-formatted html error page saying "Server
Too Busy". The basic reasoning is that, if there were resources free
to send that page, why not send what the browser requested instead.
When MaxClients is hit, apache simply doesn't accept more connections.
They are kept in the ListenBacklog and the overflow is simply
rejected.
If you really want a "Server Too Busy" message, there are some third
party modules that can do it. I haven't personally used any of them.
See: http://modules.apache.org/
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Max Users
Posted by James Sherwood <js...@rgisolutions.com>.
My understanding if you dont have that directive the max is 250.
I have tried hitting it with 1000 concurrent connections and it does not
throw a server too busy error.
--James
----- Original Message -----
From: "Luis Moreira" <lu...@esi.pt>
To: <us...@httpd.apache.org>
Sent: Friday, September 21, 2007 12:18 PM
Subject: Re: [users@httpd] Max Users
> Have you tried to add that directive ?
>
> MaxClients N
>
> Luis
>
>
> James Sherwood wrote:
>> Hello,
>>
>> I am trying to get my apache to not allow users past X number.
>>
>> We are using Apache 2.0.54 on Win2003 server
>> The httpd.conf does not have a MaxClients directive in it.
>>
>> The only thing it has is:
>> <IfModule mpm_winnt.c>
>> ThreadsPerChild 450
>> MaxRequestsPerChild 0
>> </IfModule>
>>
>> There is no module called mpm_winnt.c in any of the directories.
>>
>> Basically what I am striving for is after X number of concurrent
>> connections, return a server too busy error. Is this possible?
>>
>> Thanks in advance,
>> James
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> --
> *Luis Moreira*
> *Analista*
> *E. S. Informática*
> *Gestão de Sistemas, Qualidade e Produção
> Comunicação de Dados e Segurança
> *Rua Fraternidade Operária 5
> 2799-501 Carnaxide
> Tel: +351 21 416 82 88
> Fax: +351 21 416 80 92
> Email : luis.moreira@esi.pt <ma...@esi.pt>
> URL: http://www.esi.pt <http://www.esi.pt/>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> __________ NOD32 2543 (20070921) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Max Users
Posted by Luis Moreira <lu...@esi.pt>.
Have you tried to add that directive ?
MaxClients N
Luis
James Sherwood wrote:
> Hello,
>
> I am trying to get my apache to not allow users past X number.
>
> We are using Apache 2.0.54 on Win2003 server
> The httpd.conf does not have a MaxClients directive in it.
>
> The only thing it has is:
> <IfModule mpm_winnt.c>
> ThreadsPerChild 450
> MaxRequestsPerChild 0
> </IfModule>
>
> There is no module called mpm_winnt.c in any of the directories.
>
> Basically what I am striving for is after X number of concurrent
> connections, return a server too busy error. Is this possible?
>
> Thanks in advance,
> James
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
*Luis Moreira*
*Analista*
*E. S. Informática*
*Gestão de Sistemas, Qualidade e Produção
Comunicação de Dados e Segurança
*Rua Fraternidade Operária 5
2799-501 Carnaxide
Tel: +351 21 416 82 88
Fax: +351 21 416 80 92
Email : luis.moreira@esi.pt <ma...@esi.pt>
URL: http://www.esi.pt <http://www.esi.pt/>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Max Users
Posted by James Sherwood <js...@rgisolutions.com>.
Hello,
I am trying to get my apache to not allow users past X number.
We are using Apache 2.0.54 on Win2003 server
The httpd.conf does not have a MaxClients directive in it.
The only thing it has is:
<IfModule mpm_winnt.c>
ThreadsPerChild 450
MaxRequestsPerChild 0
</IfModule>
There is no module called mpm_winnt.c in any of the directories.
Basically what I am striving for is after X number of concurrent
connections, return a server too busy error. Is this possible?
Thanks in advance,
James
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] https can;t be good for work
Posted by Neelam Kumar Sharma <ne...@persistent.co.in>.
Try the following step by step.. It should work...
http://tud.at/programm/apache-ssl-win32-howto.php3
----- Original Message -----
From: edwardspl@ita.org.mo
To: users@httpd.apache.org
Sent: Friday, September 21, 2007 9:45 PM
Subject: Re: [users@httpd] https can;t be good for work
Hello,
I have ever tried to the thing last time...
BUT it is still the error message !
Thanks !
Edward.
Serge Dubrouski wrote:
You still have a CA certificate configured as a Server SSL
certificate. That won't work. Get self signed SSL Server certificate.
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
Hello to you,
re-post there again:
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
Serge Dubrouski wrote:
What is the error message when you try selfsigned cert?
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
Hello to you,
I have ever tried to the self cert, but it is still problem...
BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
Due to http need the 80 port, and https need the 443 port...
Thanks !
Edward.
Serge Dubrouski wrote:
This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
Dear All,
I can't to enable the https as the following :
<VirtualHost webmail.ita.org.mo>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>
<VirtualHost webmail.ita.org.mo>
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost' does NOT match server name!?
ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
So, what mistake about the config ?
Remark : The ssl is self-signed SSL Certificate, and the Web Server come
with FC6 System.
Thanks !
Edward.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more
info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest:
users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
Re: [users@httpd] https can;t be good for work
Posted by ed...@ita.org.mo.
Hello,
I have ever tried to the thing last time...
BUT it is still the error message !
Thanks !
Edward.
Serge Dubrouski wrote:
>You still have a CA certificate configured as a Server SSL
>certificate. That won't work. Get self signed SSL Server certificate.
>
>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
>> Hello to you,
>>
>> re-post there again:
>> [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>
>> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>
>>
>> Edward.
>>
>> Serge Dubrouski wrote:
>>
>> What is the error message when you try selfsigned cert?
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Hello to you,
>>
>> I have ever tried to the self cert, but it is still problem...
>> BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
>> Due to http need the 80 port, and https need the 443 port...
>>
>> Thanks !
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> This guide tells you how to create your own Certificate Authority. You
>>can't use CA cert as a server SSL cert you have to use it for signing
>>server cert. See OpenSSL documentation for this or try to use this:
>>
>>http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Hello,
>>
>> Following this guide !
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> Where did you get you SSL certificate? Look like it's not the right one.
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Dear All,
>>
>>I can't to enable the https as the following :
>>
>><VirtualHost webmail.ita.org.mo>
>>Redirect / https://webmail.ita.org.mo:443
>></VirtualHost>
>>
>><VirtualHost webmail.ita.org.mo>
>>DocumentRoot ...
>>ServerName webmail.ita.org.mo
>>ErrorLog ...
>>TransferLog ...
>>SSLEngine on
>>SSLCertificateFile server.crt
>>SSLCertificateKeyFile server.key
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> SSLOptions +StdEnvVars
>></Files>
>><Directory "/var/www/cgi-bin">
>> SSLOptions +StdEnvVars
>></Directory>
>>SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>>CustomLog /var/log/itawm-ssl_request_log \
>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>></VirtualHost>
>>
>>
>>error log of web server :
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>
>>ssl error log :
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>
>>So, what mistake about the config ?
>>
>>Remark : The ssl is self-signed SSL Certificate, and the Web Server come
>>with FC6 System.
>>
>>Thanks !
>>
>>Edward.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more
>>info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest:
>>users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
Re: [users@httpd] https can;t be good for work
Posted by Serge Dubrouski <se...@gmail.com>.
You still have a CA certificate configured as a Server SSL
certificate. That won't work. Get self signed SSL Server certificate.
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
> Hello to you,
>
> re-post there again:
> [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
>
> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
>
> Edward.
>
> Serge Dubrouski wrote:
>
> What is the error message when you try selfsigned cert?
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
> Hello to you,
>
> I have ever tried to the self cert, but it is still problem...
> BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
> Due to http need the 80 port, and https need the 443 port...
>
> Thanks !
>
> Edward.
>
>
> Serge Dubrouski wrote:
>
> This guide tells you how to create your own Certificate Authority. You
> can't use CA cert as a server SSL cert you have to use it for signing
> server cert. See OpenSSL documentation for this or try to use this:
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
> Hello,
>
> Following this guide !
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>
> Edward.
>
>
> Serge Dubrouski wrote:
>
> Where did you get you SSL certificate? Look like it's not the right one.
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
> Dear All,
>
> I can't to enable the https as the following :
>
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo>
> DocumentRoot ...
> ServerName webmail.ita.org.mo
> ErrorLog ...
> TransferLog ...
> SSLEngine on
> SSLCertificateFile server.crt
> SSLCertificateKeyFile server.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /var/log/itawm-ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> error log of web server :
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
>
> ssl error log :
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
> So, what mistake about the config ?
>
> Remark : The ssl is self-signed SSL Certificate, and the Web Server come
> with FC6 System.
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] https can;t be good for work
Posted by ed...@ita.org.mo.
Hello to you,
re-post there again:
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
Serge Dubrouski wrote:
>What is the error message when you try selfsigned cert?
>
>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
>> Hello to you,
>>
>> I have ever tried to the self cert, but it is still problem...
>> BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
>> Due to http need the 80 port, and https need the 443 port...
>>
>> Thanks !
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> This guide tells you how to create your own Certificate Authority. You
>>can't use CA cert as a server SSL cert you have to use it for signing
>>server cert. See OpenSSL documentation for this or try to use this:
>>
>>http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Hello,
>>
>> Following this guide !
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> Where did you get you SSL certificate? Look like it's not the right one.
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Dear All,
>>
>>I can't to enable the https as the following :
>>
>><VirtualHost webmail.ita.org.mo>
>>Redirect / https://webmail.ita.org.mo:443
>></VirtualHost>
>>
>><VirtualHost webmail.ita.org.mo>
>>DocumentRoot ...
>>ServerName webmail.ita.org.mo
>>ErrorLog ...
>>TransferLog ...
>>SSLEngine on
>>SSLCertificateFile server.crt
>>SSLCertificateKeyFile server.key
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> SSLOptions +StdEnvVars
>></Files>
>><Directory "/var/www/cgi-bin">
>> SSLOptions +StdEnvVars
>></Directory>
>>SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>>CustomLog /var/log/itawm-ssl_request_log \
>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>></VirtualHost>
>>
>>
>>error log of web server :
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>
>>ssl error log :
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>
>>So, what mistake about the config ?
>>
>>Remark : The ssl is self-signed SSL Certificate, and the Web Server come
>>with FC6 System.
>>
>>Thanks !
>>
>>Edward.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more
>>info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest:
>>users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
Re: [users@httpd] https can;t be good for work
Posted by ed...@ita.org.mo.
Hello to you,
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
Serge Dubrouski wrote:
>What is the error message when you try selfsigned cert?
>
>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
>> Hello to you,
>>
>> I have ever tried to the self cert, but it is still problem...
>> BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
>> Due to http need the 80 port, and https need the 443 port...
>>
>> Thanks !
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> This guide tells you how to create your own Certificate Authority. You
>>can't use CA cert as a server SSL cert you have to use it for signing
>>server cert. See OpenSSL documentation for this or try to use this:
>>
>>http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Hello,
>>
>> Following this guide !
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> Where did you get you SSL certificate? Look like it's not the right one.
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Dear All,
>>
>>I can't to enable the https as the following :
>>
>><VirtualHost webmail.ita.org.mo>
>>Redirect / https://webmail.ita.org.mo:443
>></VirtualHost>
>>
>><VirtualHost webmail.ita.org.mo>
>>DocumentRoot ...
>>ServerName webmail.ita.org.mo
>>ErrorLog ...
>>TransferLog ...
>>SSLEngine on
>>SSLCertificateFile server.crt
>>SSLCertificateKeyFile server.key
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> SSLOptions +StdEnvVars
>></Files>
>><Directory "/var/www/cgi-bin">
>> SSLOptions +StdEnvVars
>></Directory>
>>SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>>CustomLog /var/log/itawm-ssl_request_log \
>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>></VirtualHost>
>>
>>
>>error log of web server :
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>
>>ssl error log :
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>
>>So, what mistake about the config ?
>>
>>Remark : The ssl is self-signed SSL Certificate, and the Web Server come
>>with FC6 System.
>>
>>Thanks !
>>
>>Edward.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more
>>info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest:
>>users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
Re: [users@httpd] https can;t be good for work
Posted by Serge Dubrouski <se...@gmail.com>.
What is the error message when you try selfsigned cert?
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
> Hello to you,
>
> I have ever tried to the self cert, but it is still problem...
> BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
> Due to http need the 80 port, and https need the 443 port...
>
> Thanks !
>
> Edward.
>
>
> Serge Dubrouski wrote:
>
> This guide tells you how to create your own Certificate Authority. You
> can't use CA cert as a server SSL cert you have to use it for signing
> server cert. See OpenSSL documentation for this or try to use this:
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
> Hello,
>
> Following this guide !
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>
> Edward.
>
>
> Serge Dubrouski wrote:
>
> Where did you get you SSL certificate? Look like it's not the right one.
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
> Dear All,
>
> I can't to enable the https as the following :
>
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo>
> DocumentRoot ...
> ServerName webmail.ita.org.mo
> ErrorLog ...
> TransferLog ...
> SSLEngine on
> SSLCertificateFile server.crt
> SSLCertificateKeyFile server.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /var/log/itawm-ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> error log of web server :
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
>
> ssl error log :
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
> So, what mistake about the config ?
>
> Remark : The ssl is self-signed SSL Certificate, and the Web Server come
> with FC6 System.
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
>
>
>
>
>
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] https can;t be good for work
Posted by ed...@ita.org.mo.
Hello to you,
I have ever tried to the self cert, but it is still problem...
BTW, for the VH ( Virtual Host ) config, how to convert http to https ?
Due to http need the 80 port, and https need the 443 port...
Thanks !
Edward.
Serge Dubrouski wrote:
>This guide tells you how to create your own Certificate Authority. You
>can't use CA cert as a server SSL cert you have to use it for signing
>server cert. See OpenSSL documentation for this or try to use this:
>
>http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
>
>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
>> Hello,
>>
>> Following this guide !
>> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>>
>> Edward.
>>
>>
>> Serge Dubrouski wrote:
>>
>> Where did you get you SSL certificate? Look like it's not the right one.
>>
>>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>>
>>
>> Dear All,
>>
>>I can't to enable the https as the following :
>>
>><VirtualHost webmail.ita.org.mo>
>>Redirect / https://webmail.ita.org.mo:443
>></VirtualHost>
>>
>><VirtualHost webmail.ita.org.mo>
>>DocumentRoot ...
>>ServerName webmail.ita.org.mo
>>ErrorLog ...
>>TransferLog ...
>>SSLEngine on
>>SSLCertificateFile server.crt
>>SSLCertificateKeyFile server.key
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> SSLOptions +StdEnvVars
>></Files>
>><Directory "/var/www/cgi-bin">
>> SSLOptions +StdEnvVars
>></Directory>
>>SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>>CustomLog /var/log/itawm-ssl_request_log \
>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>></VirtualHost>
>>
>>
>>error log of web server :
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>
>>ssl error log :
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>
>>So, what mistake about the config ?
>>
>>Remark : The ssl is self-signed SSL Certificate, and the Web Server come
>>with FC6 System.
>>
>>Thanks !
>>
>>Edward.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more
>>info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest:
>>users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
Re: [users@httpd] https can;t be good for work
Posted by Serge Dubrouski <se...@gmail.com>.
This guide tells you how to create your own Certificate Authority. You
can't use CA cert as a server SSL cert you have to use it for signing
server cert. See OpenSSL documentation for this or try to use this:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
> Hello,
>
> Following this guide !
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
>
> Edward.
>
>
> Serge Dubrouski wrote:
>
> Where did you get you SSL certificate? Look like it's not the right one.
>
> On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
> Dear All,
>
> I can't to enable the https as the following :
>
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo>
> DocumentRoot ...
> ServerName webmail.ita.org.mo
> ErrorLog ...
> TransferLog ...
> SSLEngine on
> SSLCertificateFile server.crt
> SSLCertificateKeyFile server.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /var/log/itawm-ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> error log of web server :
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
>
> ssl error log :
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
> So, what mistake about the config ?
>
> Remark : The ssl is self-signed SSL Certificate, and the Web Server come
> with FC6 System.
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] https can;t be good for work
Posted by ed...@ita.org.mo.
Hello,
Following this guide !
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
Edward.
Serge Dubrouski wrote:
>Where did you get you SSL certificate? Look like it's not the right one.
>
>On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
>
>
>>Dear All,
>>
>>I can't to enable the https as the following :
>>
>><VirtualHost webmail.ita.org.mo>
>>Redirect / https://webmail.ita.org.mo:443
>></VirtualHost>
>>
>><VirtualHost webmail.ita.org.mo>
>>DocumentRoot ...
>>ServerName webmail.ita.org.mo
>>ErrorLog ...
>>TransferLog ...
>>SSLEngine on
>>SSLCertificateFile server.crt
>>SSLCertificateKeyFile server.key
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> SSLOptions +StdEnvVars
>></Files>
>><Directory "/var/www/cgi-bin">
>> SSLOptions +StdEnvVars
>></Directory>
>>SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>>CustomLog /var/log/itawm-ssl_request_log \
>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>></VirtualHost>
>>
>>
>>error log of web server :
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost' does NOT match server name!?
>>
>>ssl error log :
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
>>`localhost.localdomain' does NOT match server name!?
>>
>>So, what mistake about the config ?
>>
>>Remark : The ssl is self-signed SSL Certificate, and the Web Server come
>>with FC6 System.
>>
>>Thanks !
>>
>>Edward.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>
>
>
>
Re: [users@httpd] https can;t be good for work
Posted by Serge Dubrouski <se...@gmail.com>.
Where did you get you SSL certificate? Look like it's not the right one.
On 9/21/07, edwardspl@ita.org.mo <ed...@ita.org.mo> wrote:
> Dear All,
>
> I can't to enable the https as the following :
>
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo>
> DocumentRoot ...
> ServerName webmail.ita.org.mo
> ErrorLog ...
> TransferLog ...
> SSLEngine on
> SSLCertificateFile server.crt
> SSLCertificateKeyFile server.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /var/log/itawm-ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> error log of web server :
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost' does NOT match server name!?
>
> ssl error log :
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN)
> `localhost.localdomain' does NOT match server name!?
>
> So, what mistake about the config ?
>
> Remark : The ssl is self-signed SSL Certificate, and the Web Server come
> with FC6 System.
>
> Thanks !
>
> Edward.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] https can;t be good for work
Posted by ed...@ita.org.mo.
Sander Temme wrote:
>
> On Sep 21, 2007, at 7:50 AM, edwardspl@ita.org.mo wrote:
>
>> <VirtualHost webmail.ita.org.mo>
>> Redirect / https://webmail.ita.org.mo:443
>> </VirtualHost>
>
>
> That's fine.
>
>> <VirtualHost webmail.ita.org.mo>
>
>
> On what port is this vhost listening?
>
> In one your configuration files, you probably have a 'Listen 80'. Not
> specifying a port number in the <VirtualHost> directive will (correct
> me if I'm wrong guys) cause that virtualhost to listen on all
> configured listening ports. So, you'll need:
>
> Listen 80 (you already have that)
> Listen 443
>
> <VirtualHost webmail.ita.org.mo:80>
> .. Redirect ..
> </VirtualHost>
>
> <VirtualHost webmail.ita.org.mo:443>
> ..
> SSLEngine on
> ..
> </VirtualHost>
>
> The Listen 443 causes Apache to attach to that port, the port numbers
> in the <VirtualHost> directives are there to make them match only to
> requests on that port.
>
> S.
>
Hello Sander,
So, do you means as the following ?
NameVirtualHost ip_address
Listen 80
Listen 443
<VirtualHost webmail.ita.org.mo:80>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>
<VirtualHost webmail.ita.org.mo:443>
Servername webmail.ita.org.mo:443
SSLEngine on
..
</VirtualHost>
Is it right now ?
BTW, after setup the ssl files ( self-signed SSL Certificate ), I had
enter the full domain_name...
BUT the error message :
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:40:04 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 23:52:36 2007] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
Edward.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] https can;t be good for work
Posted by Sander Temme <sc...@apache.org>.
On Sep 21, 2007, at 7:50 AM, edwardspl@ita.org.mo wrote:
> <VirtualHost webmail.ita.org.mo>
> Redirect / https://webmail.ita.org.mo:443
> </VirtualHost>
That's fine.
> <VirtualHost webmail.ita.org.mo>
On what port is this vhost listening?
In one your configuration files, you probably have a 'Listen 80'.
Not specifying a port number in the <VirtualHost> directive will
(correct me if I'm wrong guys) cause that virtualhost to listen on
all configured listening ports. So, you'll need:
Listen 80 (you already have that)
Listen 443
<VirtualHost webmail.ita.org.mo:80>
.. Redirect ..
</VirtualHost>
<VirtualHost webmail.ita.org.mo:443>
..
SSLEngine on
..
</VirtualHost>
The Listen 443 causes Apache to attach to that port, the port numbers
in the <VirtualHost> directives are there to make them match only to
requests on that port.
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
[users@httpd] Re: https can;t be good for work
Posted by ed...@ita.org.mo.
James Kosin wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>edwardspl@ita.org.mo wrote:
>
>
>>Dear All,
>>
>>I can't to enable the https as the following :
>>
>><VirtualHost webmail.ita.org.mo>
>>Redirect / https://webmail.ita.org.mo:443
>></VirtualHost>
>>
>><VirtualHost webmail.ita.org.mo>
>>DocumentRoot ...
>>ServerName webmail.ita.org.mo
>>ErrorLog ...
>>TransferLog ...
>>SSLEngine on
>>SSLCertificateFile server.crt
>>SSLCertificateKeyFile server.key
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> SSLOptions +StdEnvVars
>></Files>
>><Directory "/var/www/cgi-bin">
>> SSLOptions +StdEnvVars
>></Directory>
>>SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>>CustomLog /var/log/itawm-ssl_request_log \
>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>></VirtualHost>
>>
>>
>>error log of web server :
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName
>>(CN) `localhost' does NOT match server name!?
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName
>>(CN) `localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
>>(CN) `localhost' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
>>(CN) `localhost' does NOT match server name!?
>>
>>ssl error log :
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
>>(CN) `localhost.localdomain' does NOT match server name!?
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA
>>certificate (BasicConstraints: CA == TRUE !?)
>>[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName
>>(CN) `localhost.localdomain' does NOT match server name!?
>>
>>So, what mistake about the config ?
>>
>>Remark : The ssl is self-signed SSL Certificate, and the Web Server
>>come with FC6 System.
>>
>>Thanks !
>>
>>Edward.
>>
>>
>>
>Edward,
>
>You didn't do anything wrong. You will have to create a certificate
>for webmail.ita.org.mo for this to work without the warnings. The
>default cert does not handle external connections...
>I believe the cets will be in the /etc/httpd/conf directory.
>
>
>
Hello Jame,
After the config and restart the web server...
I found that we can't to connect to http://webmail.ita.org.mo ( include
redirect problem : https ) !
So, would you mind to give me more help ?
Thanks !
Edward.