Named seems to have broken SSL

A. Rick Anderson a_rick at earthlink.net
Fri Jan 21 06:14:42 UTC 2005


A. Rick Anderson wrote:

> Alexander Dalloz wrote:
>
>>Am Fr, den 21.01.2005 schrieb A. Rick Anderson um 4:19:
>>  
>>
>>>While trying to get a canonical version of chrooted 'named' running,
>>>something I did seems to have broken SSL.  The certificate being
>>>presented for every https site claims to be from "localhost.localdomain".
>>>    
>>>
>>I really doubt one has to do with the other. SSL cert issued from
>>"localhost.localdomain" (this is "hardcoded" information in the cert
>>file) is the default certificate, to be found under
>>/etc/httpd/conf/ssl.crt/. For a custom cert you will have to explicitly
>>give it the real service hostname as CN. 
>>  
>>
>>>Any idea which file I broke that would be messing up SSL?  Could this be
>>>related to rndc.key configuration?
>>>    
>>>
>>To the last question: no, hardly.
>>  
>>
> The part that confuses me is that named and dhcpd are the only 
> services I have been meddling with, and obviously, the site 
> https://www6.software.ibm.com/developerworks/education/l-lpndns/l-lpndns-3-1.html 
> is not really presenting my browsers (both mozilla and firefox) with a 
> certificate from localhost.localdomain.
>
> What would be causing my browsers to grab the wrong certificate for 
> https sites?
>
>-- A. Rick Anderson
>  
>
Ok, I found an oddity.
[root at Anar etc]# ping www6.software.ibm.com
PING www6.software.ibm.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=0 ttl=64 time=0.026 ms

For some reason, certain external routes, particularly https routes, are 
being resolved to localhost.  Then my browsers are attempting to open an 
SSL connection with localhost.  Since the only certificate that local 
host has is the default certificate, that is the certificate presented, 
and the communication fails, since local host doesn't have the URI that 
the browser is attempting to load.

So, my DNS configuration is now resolving external hosts locally, but it 
still can't resolve local dynamic workstations.  <sigh>

-- A. Rick Anderson
***********************************************************
If I didn't have bad luck, I wouldn't have any luck at all.
***********************************************************
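The failure chain described above (an external name answered with 127.0.0.1, the browser then handshaking with the local Apache and receiving the stock "localhost.localdomain" certificate) can be checked mechanically before blaming the certificate. The following script is an added example, not code from this thread or from Fedora: it flags resolver answers that land in loopback, link-local or private space for a name that should be public, and separately tests whether a certificate's subject names actually cover the hostname that was requested. The sample answers and certificate names are constructed to mirror the symptom in the thread; the `resolve_live()` helper, which uses the system resolver, is only used when the script is run directly.

```python
import ipaddress
import socket

# Constructed sample data: what the thread's `ping www6.software.ibm.com`
# showed (an external host answering from 127.0.0.1) beside a normal answer.
SAMPLE_RESOLUTIONS = {
    "www6.software.ibm.com": ["127.0.0.1"],      # constructed: the thread's symptom
    "www.example.com": ["93.184.216.34"],        # constructed: an ordinary public answer
}

# Constructed: the names carried by the default Fedora Apache certificate,
# and by a hypothetical correctly issued certificate.
DEFAULT_CERT_NAMES = ["localhost.localdomain"]
GOOD_CERT_NAMES = ["*.example.com", "example.com"]


def suspicious_answers(addresses):
    """Return the addresses that a public hostname should never resolve to:
    loopback, unspecified, link-local or RFC 1918 / special-use ranges."""
    flagged = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified or ip.is_link_local or ip.is_private:
            flagged.append(addr)
    return flagged


def hostname_matches(hostname, cert_names):
    """RFC 6125-style name check: exact match, or a wildcard in the leftmost
    label that covers exactly one label. Comparison is case-insensitive and
    ignores a trailing dot."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            suffix = pattern[1:]              # ".example.com"
            if host.endswith(suffix):
                prefix = host[: -len(suffix)]
                # the wildcard may stand in for one non-empty label only
                if prefix and "." not in prefix:
                    return True
    return False


def audit(hostname, addresses, cert_names):
    """Combine both checks and return a list of human-readable findings
    (empty list means resolution and certificate identity both look sane)."""
    findings = []
    bad = suspicious_answers(addresses)
    if bad:
        findings.append(
            f"{hostname} resolves to non-public address(es) {bad}: "
            "check /etc/hosts, resolv.conf and which named is answering"
        )
    if not hostname_matches(hostname, cert_names):
        findings.append(
            f"certificate names {cert_names} do not cover {hostname}: "
            "the browser is talking to a host other than the one it asked for"
        )
    return findings


def resolve_live(hostname):
    """Ask the system resolver (only used when run directly)."""
    infos = socket.getaddrinfo(hostname, None)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    for host, answers in SAMPLE_RESOLUTIONS.items():
        for line in audit(host, answers, DEFAULT_CERT_NAMES):
            print(f"[sample] {line}")
    try:
        live = resolve_live("www.example.com")
        for line in audit("www.example.com", live, GOOD_CERT_NAMES):
            print(f"[live] {line}")
    except OSError as exc:
        print(f"[live] resolver unavailable: {exc}")
```

Run against the sample data this reports both problems for `www6.software.ibm.com`: the loopback answer and the certificate mismatch, which is exactly the pairing seen in the thread. Rerunning the audit with the live resolver after fixing `named` (or the `/etc/hosts` entry that shadowed it) is a quick way to confirm the fix before retrying the browser.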




