[TriLUG] it's late.. ssl question
Greg Brown
gregbrown at mindspring.com
Mon Oct 11 00:06:46 EDT 2004
Nope, still having the same issue with firefox even after building the
new cert with the -set_serial 01 option. I'll try again in the morning,
it's just too late now.
But thanks very much for the pointer!
Greg
On Oct 10, 2004, at 10:55 PM, David A. Cafaro wrote:
> Ok found it, try the "-set_serial 01" option, that should do it.
>
> -David
>
> On Sun, 2004-10-10 at 22:51, David A. Cafaro wrote:
>> Your problem is that you previously had a certificate that you probably
>> generated that had serial number "00" for the first certificate. When
>> you generated your new certificate, you generated it with the same
>> serial number of "00". Now if any web browser has the old certificate
>> saved, it will fail because it's seeing a different certificate for the
>> same site with the same serial number. You have two options to fix
>> this. Delete the saved certificate on any browser that might have it
>> saved, or generate a new certificate with the serial incremented by
>> one. I actually did this once before, but would have to go back through
>> my docs to remember how. I don't think it was too difficult; I think you
>> can set it via command line or in the openssl.cnf file.
>>
>>
>> On Sun, 2004-10-10 at 22:43, Greg Brown wrote:
>>> I must be looking over something very obvious. I reinstalled my server
>>> OS, CentOS in this case, and installed http via yum. I also installed
>>> openssl and created a key using the following command:
>>>
>>> openssl req -new -x509 -extensions v3_ca -keyout \
>>> private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf
>>>
>>> I then installed mod_ssl from yum which previously, after the first two
>>> steps, would allow me to use https encryption. For some reason I now
>>> get an error when I try to access my web server via https. The error
>>> is:
>>>
>>> "You have received an invalid certificate. Please contact the server
>>> administrator or email correspondent and give them the following
>>> information:
>>>
>>> Your certificate contains the same serial number as another certificate
>>> issued by the certificate authority. Please get a new certificate
>>> containing a unique serial number."
>>>
>>> I'm fairly tired so I think I'm missing something really basic. All
>>> I'm doing is using a self-signed key. The browser (safari, firefox)
>>> should use this certificate but warn the user that it's self-signed.
>>>
>>> Where am I going wrong?
>>>
>>> Greg
>> --
>> David A. Cafaro
>> dac(at)trilug.org
>> Admin to User: "You did what!?!?!"
> --
> David A. Cafaro
> dac(at)trilug.org
> Admin to User: "You did what!?!?!"
>
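The serial-number collision discussed in this thread, as an added example that is not part of the original messages: it issues self-signed certificates with the `-set_serial` option mentioned above and checks whether two different certificates share the same issuer and serial. The CN `www.example.test`, the file names and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. The CN, file names and function
# names are constructed for illustration.

# Create a self-signed certificate with an explicit serial number.
# $1 = output directory, $2 = serial (e.g. 01), $3 = file name prefix
make_cert() {
    openssl req -new -x509 -nodes -newkey rsa:2048 \
        -subj "/CN=www.example.test" -days 365 -set_serial "$2" \
        -keyout "$1/$3.key" -out "$1/$3.pem" 2>/dev/null
}

# Print the issuer and serial of a certificate on one line.
cert_id() {
    openssl x509 -in "$1" -noout -issuer -serial | tr '\n' ' '
}

# Print the SHA-256 fingerprint, which differs whenever the key differs.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Succeed (exit 0) when two *different* certificates share issuer + serial,
# the condition the browser error in the thread complains about.
collides() {
    [ "$(cert_id "$1")" = "$(cert_id "$2")" ] &&
        [ "$(cert_fp "$1")" != "$(cert_fp "$2")" ]
}

# Demo: run as "script.sh demo".
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_cert "$dir" 01 old        # certificate the browser has saved
    make_cert "$dir" 01 reissued   # new key, same issuer, same serial
    make_cert "$dir" 02 fixed      # new key, serial incremented
    for c in reissued fixed; do
        if collides "$dir/old.pem" "$dir/$c.pem"; then
            echo "$c: COLLISION  $(cert_id "$dir/$c.pem")"
        else
            echo "$c: ok         $(cert_id "$dir/$c.pem")"
        fi
    done
    rm -rf "$dir"
fi
```

Running `collides` against the certificate currently deployed and its replacement before swapping them in shows whether clients that saved the old one will hit the duplicate-serial error.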