Tim wrote: >Joe Orton: > > >>>Use "genkey `hostname`"; you'll have to adjust ssl.conf to point to the >>>new key/cert filenames afterwards. >>> >>> > >Philip Prindeville: > > >>FQDN or hostname only? >> >> > >The certificate should match the address that you access the server by. > > > Well, the "hostname" returns mail, but the rDNS for eth0 on this machine is mail.redfish-solutions.com. So I ran "genkey mail", and the first thing I noticed was that it generated the file: /etc/pki/tls/certs/mail.cert instead of mail.crt, which seems to be what most config files are expected (at least for /etc/httpd/conf.d/ssl.conf). Is this a known issue? And even though when asked for the FQDN name for the machine I gave it (mail.redfish-solutions.com), I'm still seeing: % tail /var/log/httpd/ssl_error_log [Wed Feb 21 20:23:54 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Feb 21 20:23:55 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Is this significant? -Philip
