[CentOS] Self-signed certificates

Mon Jan 23 22:46:58 UTC 2006
Thomas E Dukes <edukes at alltel.net>


> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Jim Perrin
> Sent: Monday, January 23, 2006 5:29 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Self-signed certificates
> > > > Just tried those instructions and got the same result.  
> Does the 
> > > > certificate name have to be called 'server'
> > >
> > > No, but that's the default. If you change it to something 
> else, then 
> > > you need to edit /etc/httpd/conf.d/ssl.conf to match.
> >
> > I tried putting the info for the secure sub-domain in the ssl.conf 
> > with the name of the sub-domain certificate but that didn't work 
> > either.  Still shows the certificate for the top-level domain.  :-(
> Hmm, maybe I'm not clear on what you're trying to do. Is this 
> a virtual host? Is it a Name based virtual host? ssl is done 
> per ip, so if you're doing name based virtual hosting, you 
> only get one cert, unless you change to a non-standard https 
> port for your second secure host.

Yes, this is a named based virtual host.

It must be stuck on being named 'server'.  I changed/renamed the
subdomain.key and subdomain.crt to server.key and server.crt and now get the
proper name on the certificate for the sub-domain but now don't have a
certificate for the top level domain.

> The way around this (not a GOOD way, but a way) is to 
> generate an ssl cert for *.domain.com. This way it's valid 
> for all subdomains.

Hmmm. I'll give that a try.  Not really interested in the error about being
'self-signed' (issuing authority) but just want the name to be right and the
security to be there.

Will try and let you know.