On 03/04/2014 16:24, Peter Humphrey wrote: > Hello list, > > Almost there now... > > After receiving help from Mick K and the list (thanks again!) I've now some > idea of what I'm doing. > > I've installed OwnCloud to be served over SSL. I've followed the instructions > here[1] to create a self-signed certificate, which is in two files: cloud.crt > and cloud.key. I put both of those under /etc/apache2/private. I ignored the > vague references to intermediate files. The command I gave was: > > # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cloud.key -out > cloud.crt > > Now when I start Apache I get this warning, twice: > > RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) > > Is this to be expected, or is anyone visiting (none expected though) likely > to > think I'm masquerading as a certification authority? > > [1] > http://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html >
What you've done works but you didn't do it the way Apache thinks these things work. You created a signing certs that is to be used to sign other certs, but instead used it as your SSL cert. Apache thinks this is unusual enough to warrant a log entry. To be truthful you don't want to do it that way if only because it's contrary to what other pros except you to have done. Third comment in this blog post gives excellent advice on how to do it better: http://www.turnkeylinux.org/forum/support/20121228/rsa-server-certificate-ca-certificate-error -- Alan McKinnon [email protected]
