Oh well, sorry it didn't help. Good luck! -David
On Mon, 2004-10-11 at 00:06, Greg Brown wrote: > Nope, still having the same issue with firefox even after building the > new cert with the -set_serial 01 option. I'll try again in the morning, > it's just too late now. > > But thanks very much for the pointer! > > Greg > > On Oct 10, 2004, at 10:55 PM, David A. Cafaro wrote: > > > Ok found it, try the "-set_serial 01" option, that should do it. > > > > -David > > > > On Sun, 2004-10-10 at 22:51, David A. Cafaro wrote: > >> Your problem is that you previously had a certificate that you > >> probably > >> generated that had serial number "00" for the first certificate. When > >> you generated your new certificate, you generated it with the same > >> serial number of "00". Now if any web browser has the old certificate > >> saved, it will fail because it's seeing a different certificate for > >> the > >> same site with the same serial number. You have to options to fix > >> this. Delete the saved certificate on any browser that might have it > >> saved, or generate a new certificate with the serial incremented by > >> one. I actual did this once before, but would have to go back through > >> my docs to remember how. I don't think it was to difficult I think > >> you > >> can set it via command line or in the openssl.cnf file. > >> > >> > >> On Sun, 2004-10-10 at 22:43, Greg Brown wrote: > >>> I must be looking over something very obvious. I reinstalled my > >>> server > >>> OS, CentOS in this case, and installed http via yum. I also > >>> installed > >>> openssl and created a key using the following command: > >>> > >>> openssl req -new -x509 -extensions v3_ca -keyout \ > >>> private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf > >>> > >>> I then installed mod_ssl from yum which perviously, after the first > >>> two > >>> steps, would allow me to use https encryption. For some reason I now > >>> get an error when I try to access my web server via https. The error > >>> is: > >>> > >>> "You have received an invalid certificate. Please contact the server > >>> administrator or email correspondent and give them the following > >>> information: > >>> > >>> Your certificate contains the same serial number as another > >>> certificate > >>> issued by the certificate authority. Please get a new certificate > >>> containing > >>> a unique serial number." > >>> > >>> I'm fairly tired so I think I'm missing something really basic. All > >>> I'm doing is using a self-signed key. The browser (safari, firefox) > >>> should use this certificate but warn the user that it's self-signed. > >>> > >>> Where am I going wrong? > >>> > >>> Greg > >> -- > >> David A. Cafaro > >> dac(at)trilug.org > >> Admin to User: "You did what!?!?!" > > -- > > David A. Cafaro > > dac(at)trilug.org > > Admin to User: "You did what!?!?!" > > > > -- > > TriLUG mailing list : > > http://www.trilug.org/mailman/listinfo/trilug > > TriLUG Organizational FAQ : http://trilug.org/faq/ > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc > > -- David A. Cafaro dac(at)trilug.org Admin to User: "You did what!?!?!" -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
