Your problem is that you previously had a certificate that you probably generated that had serial number "00" for the first certificate. When you generated your new certificate, you generated it with the same serial number of "00". Now if any web browser has the old certificate saved, it will fail because it's seeing a different certificate for the same site with the same serial number. You have to options to fix this. Delete the saved certificate on any browser that might have it saved, or generate a new certificate with the serial incremented by one. I actual did this once before, but would have to go back through my docs to remember how. I don't think it was to difficult I think you can set it via command line or in the openssl.cnf file.
On Sun, 2004-10-10 at 22:43, Greg Brown wrote: > I must be looking over something very obvious. I reinstalled my server > OS, CentOS in this case, and installed http via yum. I also installed > openssl and created a key using the following command: > > openssl req -new -x509 -extensions v3_ca -keyout \ > private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf > > I then installed mod_ssl from yum which perviously, after the first two > steps, would allow me to use https encryption. For some reason I now > get an error when I try to access my web server via https. The error > is: > > "You have received an invalid certificate. Please contact the server > administrator or email correspondent and give them the following > information: > > Your certificate contains the same serial number as another certificate > issued by the certificate authority. Please get a new certificate > containing > a unique serial number." > > I'm fairly tired so I think I'm missing something really basic. All > I'm doing is using a self-signed key. The browser (safari, firefox) > should use this certificate but warn the user that it's self-signed. > > Where am I going wrong? > > Greg -- David A. Cafaro dac(at)trilug.org Admin to User: "You did what!?!?!" -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
