On Fri, 2007-09-21 at 22:50 +0800, edwardspl@xxxxxxxxxx wrote: > So, what mistake about the config ? > > Remark : The ssl is self-signed SSL Certificate, and the Web Server > come with FC6 System. A self-signed certificate is not verifiable by other people. There's no third-party countersigning it to say that it's not forged. So it's always regarded as being invalid. To use a self-signed certificate each user has got to make a personal decision to trust it, without anything to bolster that decision. Unlike how counter-signed certificates are usually handled by the browser - if it's signed by something it's pre-programmed to trust, like Verisign, it accepts it without questioning the user. Another problem is that your self-signed certificate is for the localhost (the machine, as it sees itself, just the same as you might refer to yourself as "me" when you look in the mirror). This isn't the address that other people access you by, so it is a false certificate to them. If you want to use a self-signed certificate, despite the prior information about it not being verifiable, then you need to generate a new one using the exact same fully-qualified domain name that your HTTPS site will be accessed through. i.e. If it's accessed as https://www.example.com then the certificate must be for www.example.com, not just example.com, nor any other variation. -- [tim@bigblack ~]$ uname -ipr 2.6.22.5-76.fc7 i686 i386 Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7. Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
