SSL key file with FC6
Philip Prindeville
philipp_subx at redfish-solutions.com
Thu Feb 22 03:37:08 UTC 2007
Tim wrote:
>Joe Orton:
>
>
>>>Use "genkey `hostname`"; you'll have to adjust ssl.conf to point to the
>>>new key/cert filenames afterwards.
>>>
>>>
>
>Philip Prindeville:
>
>
>>FQDN or hostname only?
>>
>>
>
>The certificate should match the address that you access the server by.
>
>
>
Well, the "hostname" returns mail, but the rDNS for eth0 on this
machine is mail.redfish-solutions.com. So I ran "genkey mail",
and the first thing I noticed was that it generated the file:
/etc/pki/tls/certs/mail.cert
instead of mail.crt, which seems to be what most config files
are expected (at least for /etc/httpd/conf.d/ssl.conf). Is this a known
issue?
And even though when asked for the FQDN name for the
machine I gave it (mail.redfish-solutions.com), I'm still seeing:
% tail /var/log/httpd/ssl_error_log
[Wed Feb 21 20:23:54 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 21 20:23:55 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Is this significant?
-Philip
More information about the fedora-list
mailing list