Linode Forum
Linode Community Forums
Posted: Wed Apr 14, 2010 7:39 am
Hi,

Maybe someone can help me figure out what's wrong with my configuration.
I'm trying to configure an https domain with a Self-Signed Certificate. After many different configs I still receive this error:
RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
Strange, I suppressed `localhost' everywhere!

My common name matches my website address. I did a check with openssl x509 -subject -in /etc/ssl/certs/server.crt

To install and generate the certificate I did:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
(FYI: here the prompt says "cp: `server.crt' and `/etc/ssl/certs/server.crt' are the same file" I'm not sure what that means?)
sudo cp server.key /etc/ssl/private

What I have at this stage as configuration is:
I'm on Ubuntu 9.10 with Apache 2.

My hosts file is:
127.0.0.1 myHostName localhost
myLinodeIp myHostName.MyWebSIte.com myHostName

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

I have as a hostname: myHostName

My ports.conf is:
NameVirtualHost myIpAddress:80
Listen 80
<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen myPort
</IfModule>

My ssl Virtual hosts
NameVirtualHost myIp:myPort
<IfModule mod_ssl.c>
<VirtualHost myIp:myPort>
ServerName https://myDomain.com:myPort
DocumentRoot /srv/www/myDomain.com/public_html
<Directory "/srv/www/ssl. myDomain.com/public_html">
Options FollowSymLinks
AllowOverride None
</Directory>
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateChainFile /etc/ssl/certs/server.crt
SSLCACertificateFile /etc/ssl/certs/server.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>


Any thoughts?
Thanks a lot.

Jean

_________________
Jean


Posted: Thu Apr 15, 2010 1:13 pm
When generating your CSR, you must properly give your FQDN (e.g. www.example.com)

Quote:
$ openssl req -new -key /tmp/test.key -out /tmp/test.csr
Enter pass phrase for /tmp/test.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []: www.example.com


Posted: Thu Apr 15, 2010 10:00 pm
Hi Alucard. Thanks for your feedback. Yes, you're correct, FQDN = Common Name, which is my case.
The problem seems a bit odd. When I generated a new certificate, I was copying it to the same directory as the old one, which I had already removed.
By some quirk of the system, it appears something stayed in the computer memory, throwing the message "cp: `server.crt' and `/etc/ssl/certs/server.crt' are the same file" and not allowing the new file to be saved. In order to avoid this behavior I just had to generate the certificate with another name.

I also rearranged my virtualhost config a little.

NameVirtualHost xxx.xx.xxx.xx:port
<IfModule mod_ssl.c>
<VirtualHost xxx.xx.xxx.xx:port>
ServerName my.domaine.com:port
DocumentRoot /srv/www/my.domaine.com/public_html
RedirectPermanent / https://my.domaine.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/srv/www/my.domaine.com/public_html/">
SSLRequireSSL
SSLOptions +StrictRequire
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/my.domain.com.pem
SSLCertificateKeyFile /etc/ssl/private/my.domain.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>

Many thanks,
Jean

_________________
Jean
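
Added example, not part of the original thread: a shell check that reads ServerName, SSLCertificateFile and SSLCertificateKeyFile from a vhost file and compares the certificate's CN with the ServerName host. The warning in the first post concerns the certificate named in SSLCertificateFile, which there is ssl-cert-snakeoil.pem rather than server.crt. The helper names, temporary paths and both certificates are constructed for the demo.

```shell
#!/bin/sh
# Added example: compare the CN of the certificate a vhost actually loads
# with that vhost's ServerName. All paths and names below are constructed.

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n -e 's/^subject= *//' -e 's/.*CN=\([^,]*\).*/\1/p'
}

# Print the first argument of directive $1 found in vhost file $2.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Exit status: 0 = CN matches ServerName and key fits the certificate,
# 1 = CN mismatch, 2 = private key does not belong to the certificate.
check_vhost() {
    name=$(directive ServerName "$1")
    cert=$(directive SSLCertificateFile "$1")
    key=$(directive SSLCertificateKeyFile "$1")
    # ServerName may carry a scheme and a port; compare the host part only.
    host=$(printf '%s\n' "$name" |
        sed -e 's#^[A-Za-z]*://##' -e 's#:[^:]*$##' | tr 'A-Z' 'a-z')
    cn=$(cert_cn "$cert" | tr 'A-Z' 'a-z')
    echo "$1: ServerName host=$host, CN of $cert=$cn"
    [ "$host" = "$cn" ] || return 1
    [ "$(openssl x509 -noout -pubkey -in "$cert")" = \
      "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ] || return 2
}

# Constructed demo: one certificate with the site's FQDN and one with
# CN=localhost, standing in for a distribution default certificate.
demo=$(mktemp -d)
for subj in www.example.com localhost; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$subj" \
        -keyout "$demo/$subj.key" -out "$demo/$subj.pem" 2>/dev/null
done
printf 'ServerName https://www.example.com:8443\nSSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
    "$demo/localhost.pem" "$demo/localhost.key" > "$demo/wrong.conf"
printf 'ServerName www.example.com:8443\nSSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
    "$demo/www.example.com.pem" "$demo/www.example.com.key" > "$demo/right.conf"
check_vhost "$demo/wrong.conf" || echo "mismatch (exit $?)"
check_vhost "$demo/right.conf" && echo "ok"
```

Against a real server, point check_vhost at the site file under /etc/apache2/sites-enabled/ before reloading Apache.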

