SOLVED: Re: Named seems to have broken SSL

A. Rick Anderson wrote:
A. Rick Anderson wrote:
Alexander Dalloz wrote:
On Fri, 21.01.2005 at 4:19, A. Rick Anderson wrote:
  
While trying to get a canonical version of chrooted 'named' running,
something I did seems to have broken SSL.  The certificate being
presented for every https site claims to be from "localhost.localdomain".
    
I really doubt one has to do with the other. SSL cert issued from
"localhost.localdomain" (this is "hardcoded" information in the cert
file) is the default certificate, to be found under
/etc/httpd/conf/ssl.crt/. For a custom cert you will have to explicitly
give it the real service hostname as CN. 
  
Any idea which file I broke that would be messing up SSL?  Could this be
related to rndc.key configuration?
    
To the last question: no, hardly.
  
The part that confuses me is that named and dhcpd are the only services I have been meddling with, and obviously, the site https://www6.software.ibm.com/developerworks/education/l-lpndns/l-lpndns-3-1.html is not really presenting my browsers (both mozilla and firefox) with a certificate from localhost.localdomain.

What would be causing my browsers to grab the wrong certificate for https sites?
-- A. Rick Anderson
  
Ok, I found an oddity.
[root@Anar etc]# ping www6.software.ibm.com
PING www6.software.ibm.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=0 ttl=64 time=0.026 ms

For some reason, certain external routes, particularly https routes, are being resolved to localhost.  Then my browsers are attempting to open an SSL connection with localhost.  Since the only certificate that localhost has is the default certificate, that is the certificate presented, and the communication fails, since localhost doesn't have the URI that the browser is attempting to load.

So, my DNS configuration is now resolving external hosts locally, but it still can't resolve local dynamic workstations.  <sigh>
Would you believe that the fix was as simple as changing the order of the name servers in my /etc/resolv.conf file?  Why would it hang up on the first name server for some of the hosts, but not all of them? Too much freaking magic!

TBL: Don't list your local name server first in /etc/resolv.conf.
-- A. Rick Anderson
************************************************************************
When I'm feeling down, I like to whistle. 
It makes the neighbor's dog run to the end of his chain and gag himself.
************************************************************************
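A diagnostic in the spirit of the ping check above, added here as an example and not taken from the thread: it reads the nameserver order from resolv.conf and asks each server directly whether an external hostname comes back as loopback or another non-routable address, so the misbehaving entry is identified instead of swapping the order blind. It assumes dig is installed; the resolv.conf contents and the 192.0.2.53 address are constructed.

```python
import ipaddress
import subprocess
from typing import Callable, Dict, List

# Constructed resolv.conf sample (not from the post): local chrooted named listed first.
SAMPLE_RESOLV_CONF = "search localdomain\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n"

# Ranges an answer for an external hostname should never fall into
# (loopback, unspecified, RFC 1918, link-local, IPv6 ULA).
SUSPECT_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(text: str) -> List[str]:
    """Nameserver addresses in the order the stub resolver tries them (comments stripped)."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def is_bogus_answer(addresses: List[str]) -> bool:
    """True if any answer lies in a suspect range: the thread's symptom
    (www6.software.ibm.com resolving to 127.0.0.1)."""
    return any(ipaddress.ip_address(a) in net for a in addresses for net in SUSPECT_NETS)

def dig_a_records(hostname: str, nameserver: str) -> List[str]:
    """Query one nameserver directly (dig assumed installed); keep only IP answers,
    dropping the CNAME targets that `dig +short` also prints."""
    out = subprocess.run(["dig", "+short", "+time=2", "+tries=1", f"@{nameserver}", hostname, "A"],
                         capture_output=True, text=True, check=False).stdout
    ips = []
    for line in out.splitlines():
        try:
            ips.append(str(ipaddress.ip_address(line.strip())))
        except ValueError:
            pass  # CNAME target or blank line
    return ips

def audit_resolvers(resolv_conf: str, hostname: str,
                    resolve: Callable[[str, str], List[str]] = dig_a_records) -> Dict[str, bool]:
    """Map each configured nameserver to whether it gives a bogus answer for hostname.
    The first entry matters most: the stub resolver moves on only when it times out."""
    return {ns: is_bogus_answer(resolve(hostname, ns)) for ns in parse_nameservers(resolv_conf)}

if __name__ == "__main__":
    for ns, bogus in audit_resolvers(SAMPLE_RESOLV_CONF, "www6.software.ibm.com").items():
        print(f"{ns}: {'BOGUS answer from a suspect range' if bogus else 'ok'}")
```

To check a real machine, pass the contents of /etc/resolv.conf to audit_resolvers; an entry reported as bogus is the one the browsers were being steered to.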
