Nope, still having the same issue with firefox even after building the
new cert with the -set_serial 01 option. I'll try again in the morning,
it's just too late now.
But thanks very much for the pointer!
Greg
On Oct 10, 2004, at 10:55 PM, David A. Cafaro wrote:
Ok found it, try the "-set_serial 01" option, that should do it.
-David
On Sun, 2004-10-10 at 22:51, David A. Cafaro wrote:
Your problem is that you previously had a certificate that you
probably
generated that had serial number "00" for the first certificate. When
you generated your new certificate, you generated it with the same
serial number of "00". Now if any web browser has the old certificate
saved, it will fail because it's seeing a different certificate for
the
same site with the same serial number. You have to options to fix
this. Delete the saved certificate on any browser that might have it
saved, or generate a new certificate with the serial incremented by
one. I actual did this once before, but would have to go back through
my docs to remember how. I don't think it was to difficult I think
you
can set it via command line or in the openssl.cnf file.
On Sun, 2004-10-10 at 22:43, Greg Brown wrote:
I must be looking over something very obvious. I reinstalled my
server
OS, CentOS in this case, and installed http via yum. I also
installed
openssl and created a key using the following command:
openssl req -new -x509 -extensions v3_ca -keyout \
private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf
I then installed mod_ssl from yum which perviously, after the first
two
steps, would allow me to use https encryption. For some reason I now
get an error when I try to access my web server via https. The error
is:
"You have received an invalid certificate. Please contact the server
administrator or email correspondent and give them the following
information:
Your certificate contains the same serial number as another
certificate
issued by the certificate authority. Please get a new certificate
containing
a unique serial number."
I'm fairly tired so I think I'm missing something really basic. All
I'm doing is using a self-signed key. The browser (safari, firefox)
should use this certificate but warn the user that it's self-signed.
Where am I going wrong?
Greg
--
David A. Cafaro
dac(at)trilug.org
Admin to User: "You did what!?!?!"
--
David A. Cafaro
dac(at)trilug.org
Admin to User: "You did what!?!?!"
--
TriLUG mailing list :
http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
