Re: SSL key file with FC6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:

>Joe Orton:
>  
>
>>>Use "genkey `hostname`"; you'll have to adjust ssl.conf to point to the 
>>>new key/cert filenames afterwards.
>>>      
>>>
>
>Philip Prindeville:
>  
>
>>FQDN or hostname only?
>>    
>>
>
>The certificate should match the address that you access the server by.
>
>  
>

Well, the "hostname" returns mail, but the rDNS for eth0 on this
machine is mail.redfish-solutions.com.  So I ran "genkey mail",
and the first thing I noticed was that it generated the file:

/etc/pki/tls/certs/mail.cert

instead of mail.crt, which seems to be what most config files
are expected (at least for /etc/httpd/conf.d/ssl.conf).  Is this a known
issue?

And even though when asked for the FQDN name for the
machine I gave it (mail.redfish-solutions.com), I'm still seeing:

% tail /var/log/httpd/ssl_error_log
[Wed Feb 21 20:23:54 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 21 20:23:55 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)


Is this significant?

-Philip


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux