A. Rick Anderson wrote:
Alexander Dalloz wrote:
On Fri, 21.01.2005, A. Rick Anderson wrote at 4:19:
While trying to get a canonical version of chrooted 'named' running,
something I did seems to have broken SSL. The certificate being
presented for every https site claims to be from "localhost.localdomain".
I really doubt one has to do with the other. SSL cert issued from
"localhost.localdomain" (this is "hardcoded" information in the cert
file) is the default certificate, to be found under
/etc/httpd/conf/ssl.crt/. For a custom cert you will have to explicitly
give it the real service hostname as CN.
Any idea which file I broke that would be messing up SSL? Could this be
related to rndc.key configuration?
To the last question: no, hardly.
The part that confuses me is that named and dhcpd are the only services
I have been meddling with, and obviously, the site
https://www6.software.ibm.com/developerworks/education/l-lpndns/l-lpndns-3-1.html
is not really presenting my browsers (both mozilla and firefox) with a
certificate from localhost.localdomain.
What would be causing my browsers to grab the wrong certificate for
https sites?
-- A. Rick Anderson
Ok, I found an oddity.
[root@Anar etc]# ping www6.software.ibm.com
PING www6.software.ibm.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=0 ttl=64 time=0.026 ms
For some reason, certain external routes, particularly https routes,
are being resolved to localhost. Then my browsers are attempting to
open an SSL connection with localhost. Since the only certificate that
localhost has is the default certificate, that is the certificate
presented, and the communication fails, since localhost doesn't have
the URI that the browser is attempting to load.
So, my DNS configuration is now resolving external hosts locally, but
it still can't resolve local dynamic workstations. <sigh>
-- A. Rick Anderson
***********************************************************
If I didn't have bad luck, I wouldn't have any luck at all.
***********************************************************
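
The failure worked out in this thread, as an added example that is not part of the original posts: a small Python check that separates "the resolver sent me to loopback" from an ordinary certificate name mismatch. The function names, the result labels and the 192.0.2.10 address are assumptions made for illustration, and the certificate CN is supplied by the caller (as reported by the browser) rather than fetched.

```python
import ipaddress
import socket

# Names that are expected to resolve to loopback (assumption for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def resolve(host, port=443):
    """Return the distinct addresses the system resolver gives for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def cn_matches(cn, host):
    """Minimal CN check: exact match, or one wildcard as the left-most label."""
    cn, host = cn.lower().rstrip("."), host.lower().rstrip(".")
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host


def diagnose(host, addresses, presented_cn):
    """Classify what the browser saw for host.

    Returns "dns-loopback" when a non-local name resolved to 127.0.0.0/8 or ::1,
    "cert-mismatch" when resolution looks sane but the CN does not cover host,
    and "ok" otherwise.
    """
    loopback = [
        a for a in addresses
        if ipaddress.ip_address(a.split("%")[0]).is_loopback  # drop IPv6 zone id
    ]
    if loopback and host.lower().rstrip(".") not in LOCAL_NAMES:
        return "dns-loopback"
    if not cn_matches(presented_cn, host):
        return "cert-mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed input mirroring the ping output quoted in the thread.
    host = "www6.software.ibm.com"
    print(host, diagnose(host, ["127.0.0.1"], "localhost.localdomain"))
    # Live check on the machine being debugged (needs a working resolver):
    # print(host, diagnose(host, resolve(host), "localhost.localdomain"))
```

A "dns-loopback" result points at the resolver configuration (named, /etc/hosts, /etc/resolv.conf) rather than at the web server's certificate files.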