trying to setup apache certs, no luck

Red Squirrel

No Lifer
May 24, 2003
70,166
13,573
126
www.anyf.ca
I'm following this tutorial:
http://www.akadia.com/services..._test_certificate.html

But even after going through those steps, when I open the web site the cert is showing up as localhost.localdomain.

Also /usr/local/apache/conf/ does not exist on my system, so I'm thinking that's part of the problem. The actual encryption works, I get the lock icon and such, but I also get that annoying nag about the cert being invalid since it's not matching the domain.

Any way to get this to work?
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
If your cert is showing up as localhost.localdomain then you didn't create it properly, so I would start there.
 

Crusty

There could be many things, but since you mentioned directories, it doesn't matter WHERE your key is stored, as long as your apache conf file has the correct location. I'm assuming you are using a self-signed key; if so, the CN of your CA and Server certs need to match, otherwise you will have errors.
 

Red Squirrel

I basically followed everything in that guide except I had to put it in my own folder. So any key part in that guide that could be missing? Do I need to possibly reboot the server for it to take effect? Though just restarting the service should do... (which I did twice)

Could the old one be getting cached somewhere that I have to clear?
 

Skeeedunt

Platinum Member
Oct 7, 2005
2,777
3
76
Are you trying to host more than one SSL virtual host on the same IP? If so it will always return the cert for the first vhost listed (or the last... can't remember).
 

Red Squirrel

Hmm so is this where the problem lies that you can't use virtual hosts? Guess I can solve that by just having "secure.mydomain.com" then have virtual sub folders for each secured area.
 

Skeeedunt

Google around for more info, but basically each SSL vhost needs either its own IP or its own port. Wildcard certs are one way (AFAIK the only way) to get around this, so if you're generating your own, you can just do *.mydomain.com and use that for all vhosts (assuming of course they're all subdomains).
 

Red Squirrel

OK, so I made sure I only have one subdomain with one cert, but it refuses to use that cert. It's still using the localhost.localdomain one, which I have no clue where it's even taking from. This is my config:

<VirtualHost *:443>
DocumentRoot /data/sysweb/secure
ServerName secure.iceteks.net

SSLEngine on
SSLCertificateFile /etc/httpd/certs/secure.crt
SSLCertificateKeyFile /etc/httpd/certs/secure.key

#SSLCipherSuite HIGH:MEDIUM

Alias /webmail "/data/sysweb/secure/webmail"
Alias /cp "/data/sysweb/secure/cp"

</VirtualHost>
 

Crusty

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/share/ssl/certs/ssl.example.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/ssl.example.com.key
ErrorLog /usr/local/apache/domlogs/example.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/example.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Is what I use for my SSL apache configs.
 

Red Squirrel

Figured out why. Even with 1 SSL host I still need an IP separate from my regular http hosting, so I set it under another IP and it works now. https://secure.iceteks.net. Not much there yet. Will use aliases such as /webmail and what not as I add more secured sites.
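
An added example, not written by anyone in this thread: a small Python check that reads Apache config text and reports which SSLCertificateFile answers a TLS handshake on a given IP and port when the client sends no SNI name, which is the behaviour discussed above (first vhost on a shared address wins, a dedicated IP selects its own vhost). The default `_default_:443` vhost with /etc/pki/tls/certs/localhost.crt and the address 192.0.2.10 are assumptions made up for the sample; `_default_` is treated like `*`, as Apache 2.4 does.

```python
import re

# Constructed sample: an assumed distribution default SSL vhost that is loaded
# before the vhost posted in the thread. Both listen on every address, port 443.
SAMPLE_CONF = """
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
<VirtualHost *:443>
ServerName secure.iceteks.net
SSLEngine on
SSLCertificateFile /etc/httpd/certs/secure.crt
</VirtualHost>
"""
# Same config with the secure vhost bound to a dedicated IP (documentation address).
FIXED_CONF = SAMPLE_CONF.replace("<VirtualHost *:443>", "<VirtualHost 192.0.2.10:443>")

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
CERT_RE = re.compile(r"^\s*SSLCertificateFile\s+(\S+)", re.I | re.M)  # skips '#' lines
WILDCARDS = {"*", "_default_"}  # assumption: treated alike, as in Apache 2.4

def ssl_vhosts(conf):
    """Return [(address, port, cert_path)] in file order for vhosts that set a cert."""
    out = []
    for addrs, body in VHOST_RE.findall(conf):
        cert = CERT_RE.search(body)
        if not cert:
            continue
        for addr in addrs.split():
            host, _, port = addr.rpartition(":")
            out.append((host, port, cert.group(1)))
    return out

def served_cert(conf, ip, port="443"):
    """Cert sent on ip:port when no SNI name is available.
    An exact IP match beats a wildcard; among equals the first listed wins."""
    vhosts = [v for v in ssl_vhosts(conf) if v[1] == port]
    exact = [v for v in vhosts if v[0] == ip]
    wild = [v for v in vhosts if v[0] in WILDCARDS]
    chosen = exact or wild
    return chosen[0][2] if chosen else None

if __name__ == "__main__":
    for name, conf in (("shared wildcard", SAMPLE_CONF), ("dedicated IP", FIXED_CONF)):
        print(name, "->", served_cert(conf, "192.0.2.10"))
```

Run against the real files that httpd loads (main config plus everything it includes, concatenated in load order) to see which vhost is shadowing the intended certificate.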