Ok found it, try the "-set_serial 01" option, that should do it. -David
On Sun, 2004-10-10 at 22:51, David A. Cafaro wrote: > Your problem is that you previously had a certificate that you probably > generated that had serial number "00" for the first certificate. When > you generated your new certificate, you generated it with the same > serial number of "00". Now if any web browser has the old certificate > saved, it will fail because it's seeing a different certificate for the > same site with the same serial number. You have to options to fix > this. Delete the saved certificate on any browser that might have it > saved, or generate a new certificate with the serial incremented by > one. I actual did this once before, but would have to go back through > my docs to remember how. I don't think it was to difficult I think you > can set it via command line or in the openssl.cnf file. > > > On Sun, 2004-10-10 at 22:43, Greg Brown wrote: > > I must be looking over something very obvious. I reinstalled my server > > OS, CentOS in this case, and installed http via yum. I also installed > > openssl and created a key using the following command: > > > > openssl req -new -x509 -extensions v3_ca -keyout \ > > private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf > > > > I then installed mod_ssl from yum which perviously, after the first two > > steps, would allow me to use https encryption. For some reason I now > > get an error when I try to access my web server via https. The error > > is: > > > > "You have received an invalid certificate. Please contact the server > > administrator or email correspondent and give them the following > > information: > > > > Your certificate contains the same serial number as another certificate > > issued by the certificate authority. Please get a new certificate > > containing > > a unique serial number." > > > > I'm fairly tired so I think I'm missing something really basic. All > > I'm doing is using a self-signed key. The browser (safari, firefox) > > should use this certificate but warn the user that it's self-signed. > > > > Where am I going wrong? > > > > Greg > -- > David A. Cafaro > dac(at)trilug.org > Admin to User: "You did what!?!?!" -- David A. Cafaro dac(at)trilug.org Admin to User: "You did what!?!?!" -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
