On Thu, Feb 25, 1999, GOMEZ Henri wrote:
> Since I run a dual homed machine, the FQDN is not clear. Who determine
> the correct name, apache/mod_ssl or the browser ???
The browser. Apache+mod_ssl accepts any FQDN in the certificate, of course.
> It's not clear for me if I must consider the web server as a user and so
> have to generate a cert for him with mca ???
Depends on your point of view. Usually you don't use mca to create a server
cert. Use `make certificate' for this.
> where is the index.txt file used in ssleay ?
index.txt? That's generated file from ssleay ca AFAIK.
You don't need it with mca.sh...
> During my play I saw in ssl_engine_log :
>
> [error] SSLeay: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
> bad certificate [Hint: Subject CN in certificate not server name!?]
>
> What does it mean ???
That the Common Name (CN) in the cert perhaps doesn't match the FQDN in the
used URL to access the cite. But that's only _one_ possibility for this alert,
of course. It can be also that the certificate is incorrect in any way.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]