https can;t be good for work

edwardspl at ita.org.mo edwardspl at ita.org.mo
Fri Sep 21 14:50:59 UTC 2007 

Dear All,

I can't to enable the https as the following :

<VirtualHost webmail.ita.org.mo>
Redirect / https://webmail.ita.org.mo:443
</VirtualHost>

<VirtualHost webmail.ita.org.mo>
DocumentRoot ...
ServerName webmail.ita.org.mo
ErrorLog ...
TransferLog ...
SSLEngine on
SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /var/log/itawm-ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


error log of web server :
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN) 
`localhost' does NOT match server name!?
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate is a CA 
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:42:44 2007] [warn] RSA server certificate CommonName (CN) 
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA 
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) 
`localhost' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA 
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) 
`localhost' does NOT match server name!?

ssl error log :
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA 
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) 
`localhost.localdomain' does NOT match server name!?
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate is a CA 
certificate (BasicConstraints: CA == TRUE !?)
[Fri Sep 21 22:43:29 2007] [warn] RSA server certificate CommonName (CN) 
`localhost.localdomain' does NOT match server name!?

So, what mistake about the config ?

Remark : The ssl is self-signed SSL Certificate, and the Web Server come 
with FC6 System.

Thanks !

Edward.

More information about the users mailing list