
Re: SSL key file with FC6



Tim wrote:

>Joe Orton:
>
>>>Use "genkey `hostname`"; you'll have to adjust ssl.conf to point to the
>>>new key/cert filenames afterwards.
>
>Philip Prindeville:
>
>>FQDN or hostname only?
>
>The certificate should match the address that you access the server by.

Well, the "hostname" returns mail, but the rDNS for eth0 on this
machine is mail.redfish-solutions.com.  So I ran "genkey mail",
and the first thing I noticed was that it generated the file:

/etc/pki/tls/certs/mail.cert

instead of mail.crt, which seems to be what most config files
expect (at least for /etc/httpd/conf.d/ssl.conf).  Is this a known
issue?

And even though when asked for the FQDN name for the
machine I gave it (mail.redfish-solutions.com), I'm still seeing:

% tail /var/log/httpd/ssl_error_log
[Wed Feb 21 20:23:54 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 21 20:23:55 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)


Is this significant?

-Philip

