-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 edwardspl@xxxxxxxxxx wrote: > Dear All, > > I can't to enable the https as the following : > > <VirtualHost webmail.ita.org.mo> > Redirect / https://webmail.ita.org.mo:443 > </VirtualHost> > > <VirtualHost webmail.ita.org.mo> > DocumentRoot ... > ServerName webmail.ita.org.mo > ErrorLog ... > TransferLog ... > SSLEngine on > SSLCertificateFile server.crt > SSLCertificateKeyFile server.key > <Files ~ "\.(cgi|shtml|phtml|php3?)$"> > SSLOptions +StdEnvVars > </Files> > <Directory "/var/www/cgi-bin"> > SSLOptions +StdEnvVars > </Directory> > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog /var/log/itawm-ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > </VirtualHost> > > > error log of web server : > [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName > (CN) `localhost' does NOT match server name!? > [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName > (CN) `localhost' does NOT match server name!? > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName > (CN) `localhost' does NOT match server name!? > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName > (CN) `localhost' does NOT match server name!? > > ssl error log : > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName > (CN) `localhost.localdomain' does NOT match server name!? > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA > certificate (BasicConstraints: CA == TRUE !?) > [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName > (CN) `localhost.localdomain' does NOT match server name!? > > So, what mistake about the config ? > > Remark : The ssl is self-signed SSL Certificate, and the Web Server > come with FC6 System. > > Thanks ! > > Edward. > Edward, You didn't do anything wrong. You will have to create a certificate for webmail.ita.org.mo for this to work without the warnings. The default cert does not handle external connections... I believe the cets will be in the /etc/httpd/conf directory. - -James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8+74kNLDmnu1kSkRAnOHAJ9EvaPja3Z4jGuPAY/kUMj02S94VwCfXYrt DO3uDEsCJIWqkt5TC2wIAbM= =8QrE -----END PGP SIGNATURE----- -- Scanned by ClamAV - http://www.clamav.net
