On Fri, Nov 09, 2001 at 03:17:39PM +0100, Jakub Jermar wrote: > Hi, I am trying to generate a self-signed certificate for one of my > virtual webservers. > The problem is that no matter what I enter as CN when asked by the > second command below, > the certificate is not created for the hostname I want > (admin.frakira.cz, but for lexus.frakira.cz, which is the machine's > name). These are the commands I used (I followed the man page): > > # openssl genrsa -out /etc/ssl/private/admin.frakira.cz.key 1024 > # openssl req -new -key /etc/ssl/private/admin.frakira.cz.key -out > /etc/ssl/private/admin.frakira.cz.csr > # openssl x509 -req -days 365 -in /etc/ssl/private/admin.frakira.cz.csr > -signkey /etc/ssl/private/admin.frakira.cz.key -out > /etc/ssl/admin.frakira.cz.crt > > When I enter the last one, everything looks OK ... it outputs something > about that the signature is ok and the DN, which is - as of this moment > - exactly what I want. But when I try to open https://admin.frakira.cz, > it complains about the certificate belonging to lexus.frakira.cz... > (Yes, I did restarted apache). > > So, how do I arrange that the certificate belongs to admin.frakira.cz > and is signed by lexus.frakira.cz? > > Please, reply directly to my email since the list seems to be rather > slow in subscribing me that I could miss your reply for the list. > > Thank you in advance, > Jakub Jermar > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] >
I did some checks eg:
curly@FaiLurE:ttyp6 curly $ dnsip lexus.frakira.cz
217.11.254.38 217.11.254.38
curly@FaiLurE:ttyp6 curly $ dnsip admin.frakira.cz
217.11.254.38 217.11.254.38
I see, they are at same IP - gotcha :)
Read carefully about certification and virtual hosting in apache/mod_ssl documentation.
On same IP/port you can have only 1 cert.
apache gives you warning about that certificate for xxxx overlaping
certificate for yyyy - check your apache logs.
you must use deferent IP or/and port for virtualhosts, if you wanna diferent
certificates for each virt.
--
rgdz
curly
--------------------
http://www.e-card.bg
--------------------
PGP keyID: 0xCB6681D8
Key fingerprint = 5A 7B 24 E3 9F CE FF 03 E9 FE D0 BD 81 27 08 2C CB 66 81 D8
msg21634/pgp00000.pgp
Description: PGP signature
