logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Typo when I created SSL Cert. How to fix?
Author
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Mon 08 Jun '09 2:12    Post subject: Typo when I created SSL Cert. How to fix? Reply with quote

using: Linux Debian / apache2-mpm-prefork 2.2.9-10+lenny2
Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0

I must have made a typo when creating my ssl-cert as I have this error in logs:
[Sun Jun 07 18:16:44 2009] [warn] RSA server certificate CommonName (CN) `lomysite.com' does NOT match server name!?

And on my saved cert in firefox it says lomysite.com

the 'lo' shouldn't be there, maybe it said localhost and I didn't clear it when making cert. This is how I made the cert:
mkdir /etc/apache2/ssl
/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Thank you so much for your time
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Mon 08 Jun '09 10:04    Post subject: Reply with quote

I never worked with /usr/sbin/make-ssl-cert. Did you edit the ssleay.cnf ? And edit subjectAltName for your needs?
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Mon 08 Jun '09 14:19    Post subject: Reply with quote

Thank you James Blond.
Quote:
Did you edit the ssleay.cnf ? And edit subjectAltName for your needs?

I only did those steps above which prompted me to enter info like my host address, I didn't know how to maneuver in that window very well so thats why thought I must have typed wrong or didn't clear localhost fully when I typed in my mysite.com , hit ok, it exited.. and that was that.

SSL https is working. I'm just thinking I should fix this to prevent possible future problems.. (like I'm having with AjaxTerm maybe this is effecting it).

I think this where I got the info to do those commands:
http://ubuntuforums.org/archive/index.php/t-405786.html

When I try to repeat the steps (hoping I can fix it) I get permission denied.

out of curiosity after your question I took at look at the
/usr/share/ssl-cert/ssleay.cnf file and it has this only:

#
# SSLeay example configuration file.
#

RANDFILE = /dev/urandom

[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything

[ req_distinguished_name ]
commonName = @HostName@
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Tue 09 Jun '09 9:52    Post subject: Reply with quote

Mine is much longer. I hat to edit

Code:

[ v3_ca ]
subjectAltName =


I posted it at http://pastebin.com/md66a33a

my build command under windows

Code:

@echo off
set OPENSSL_CONF=./bin/openssl.cnf

if not exist .\conf\ssl.crt mkdir .\conf\ssl.crt
if not exist .\conf\ssl.key mkdir .\conf\ssl.key

bin\openssl req -new -out server.csr
bin\openssl rsa -in privkey.pem -out server.key
bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

set OPENSSL_CONF=
REM del .rnd
REM del privkey.pem
REM del server.csr

REM move /y server.crt .\conf\ssl.crt
REM move /y server.key .\conf\ssl.key

echo.
echo -----
echo Das Zertifikat wurde erstellt.
echo The certificate was provided.
echo.
pause
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Fri 12 Jun '09 4:43    Post subject: Reply with quote

Thank you JamesBlond for your reply. Very Happy
Though I still don't understand how to edit change my host name to be correct as it's not listed in that file (/usr/share/ssl-cert/ssleay.cnf) nor is the line:
Quote:
[ v3_ca ]
subjectAltName =


It's not reading that mistake from there as the lomysite.com is not on that file - I pasted the unedited complete file above.

SSL is working, it's just error about not matching host name which I'm sure is because of the lomysite.com .


Thank you again
driving me crazy how to fix this.. just soooo many files/directories/confusion and seems everyone's is just a little bit different :p
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Fri 12 Jun '09 8:32    Post subject: Reply with quote

If this is just a self signed .. wouldn't it be easier to just make a new one?
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sat 13 Jun '09 7:42    Post subject: Reply with quote

Thx glsmith Smile I thought so too. So I tried to do the same cmd's as originally I used to create it, but I was denied permission. I thought to try another method but then thought:
1. The error might still be there since different method and more problems
2. & Why cant i just edit that
Back to top
mewbie



Joined: 23 May 2009
Posts: 25

PostPosted: Sat 27 Jun '09 16:11    Post subject: Reply with quote

Solved it, was easy.. just being a scaredy cat.
Will post how I fixed it just in case anyone with same problem:
I renamed the file apache.pem to anything to be safe instead of deleting it. It's here:
/etc/apache2/ssl/apache.pem
Then I run the same cmd again:
/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

It prompts me, as before, only for commonName' field of which I fixed the typo.
/etc/init.d/apache2 restart

Done, no more errors

Mr. Green

still have non working ajaxterm though Sad
Back to top


Reply to topic   Topic: Typo when I created SSL Cert. How to fix? View previous topic :: View next topic
Post new topic   Forum Index -> Apache