On Fri, Nov 09, 2001 at 03:17:39PM +0100, Jakub Jermar wrote:
> Hi, I am trying to generate a self-signed certificate for one of my
> virtual webservers.
> The problem is that no matter what I enter as CN when asked by the
> second command below,
> the certificate is not created for the hostname I want
> (admin.frakira.cz, but for lexus.frakira.cz, which is the machine's
> name). These are the commands I used (I followed the man page):
> 
> # openssl genrsa -out /etc/ssl/private/admin.frakira.cz.key 1024
> # openssl req -new -key /etc/ssl/private/admin.frakira.cz.key -out
> /etc/ssl/private/admin.frakira.cz.csr 
> # openssl x509 -req -days 365 -in /etc/ssl/private/admin.frakira.cz.csr
> -signkey /etc/ssl/private/admin.frakira.cz.key -out
> /etc/ssl/admin.frakira.cz.crt
> 
> When I enter the last one, everything looks OK ... it outputs something
> about that the signature is ok and the DN, which is - as of this moment
> - exactly what I want. But when I try to open https://admin.frakira.cz,
> it complains about the certificate belonging to lexus.frakira.cz...
> (Yes, I did restarted apache).
> 
> So, how do I arrange that the certificate belongs to admin.frakira.cz
> and is signed by lexus.frakira.cz?
> 
> Please, reply directly to my email since the list seems to be rather
> slow in subscribing me that I could miss your reply for the list.
> 
> Thank you in advance,
> Jakub Jermar
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 

I did some checks eg:
curly@FaiLurE:ttyp6 curly $ dnsip lexus.frakira.cz
217.11.254.38 217.11.254.38
curly@FaiLurE:ttyp6 curly $ dnsip admin.frakira.cz
217.11.254.38 217.11.254.38

I see, they are at same IP - gotcha :)
Read carefully about certification and virtual hosting in apache/mod_ssl documentation.
On same IP/port you can have only 1 cert.
apache gives you warning about that certificate for xxxx overlaping
certificate for yyyy - check your apache logs.
you must use deferent IP or/and port for virtualhosts, if you wanna diferent
certificates for each virt.

-- 
rgdz
        curly
--------------------
http://www.e-card.bg
--------------------
PGP keyID: 0xCB6681D8
Key fingerprint = 5A 7B 24 E3 9F CE FF 03  E9 FE D0 BD 81 27 08 2C  CB 66 81 D8

Attachment: msg21634/pgp00000.pgp
Description: PGP signature

Reply via email to