James Kosin wrote:Hello Jame,-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 edwardspl@xxxxxxxxxx wrote:Dear All, I can't to enable the https as the following : <VirtualHost webmail.ita.org.mo> Redirect / https://webmail.ita.org.mo:443 </VirtualHost> <VirtualHost webmail.ita.org.mo> DocumentRoot ... ServerName webmail.ita.org.mo ErrorLog ... TransferLog ... SSLEngine on SSLCertificateFile server.crt SSLCertificateKeyFile server.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/itawm-ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> error log of web server : [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!? ssl error log : [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? So, what mistake about the config ? Remark : The ssl is self-signed SSL Certificate, and the Web Server come with FC6 System. Thanks ! Edward.Edward, You didn't do anything wrong. You will have to create a certificate for webmail.ita.org.mo for this to work without the warnings. The default cert does not handle external connections... I believe the cets will be in the /etc/httpd/conf directory. After the config and restart the web server... I found that we can't to connect to http://webmail.ita.org.mo ( include redirect problem : https ) ! So, would you mind to give me more help ? Thanks ! Edward. |
