LinuxQuestions.org


archsupport 03-08-2018 07:42 AM

openssl certificate organization mismatch
 
I've configured an apache virtualhost with an ssl certificate that I generated on another host. Below I've pasted the ssl.conf from /etc/httpd/conf.d/ as well as the beginning portion of the decrypted ssl certificate. When I navigate to https://system1.mwimp.com from a browser the ssl certificate Organization says SomeOrganization as indicated in the attached screenshot.

Code:

<VirtualHost 192.168.1.146:443>
        ServerAdmin root@system1.mwimp.com
        DocumentRoot /var/www/html
        ServerName system1.mwimp.com
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        SSLCertificateChainFile /etc/pki/tls/certs/ca.crt
</VirtualHost>

Code:

[root@system1 certs]# openssl x509 -text -noout -in ca.crt  | grep Issue | awk '{print  $7}'
O=MattMan

The browser shows this

https://imgur.com/a/gbUYA

scasey 03-08-2018 10:22 AM

The browser is notifying that the certificate was not issued by a known certificate issuer...which it wasn't.

It is what's known as a "self-issued certificate". Self-issued certificates will still encrypt the transmission between the browser and the server*, but are not considered "secure" because the browser doesn't know the creating entity (SomeOrganization).

*after the user accepts the certificate, telling the browser the cert is OK, that is.

archsupport 03-08-2018 10:45 AM

Thanks for the reply. One thing I noticed is that when I generate the ssl certs on the server itself and put them in the same place, the browser will show the right O.

Code:

# Generate private key
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

https://imgur.com/mP7BSTh


Could it be the issue that I'm using a .crt and a .key that I did not generate on the host itself?

scasey 03-08-2018 01:06 PM

Quote:

Originally Posted by archsupport (Post 5828736)
Could it be the issue that I'm using a .crt and a .key that I did not generate on the host itself?

Yes, that would be the reason that the Issuer is different, and you should always generate a self-signed cert on the server on which it will be used.
However, the reason you're seeing these dialogs at all is because the certificate is self-signed and must be accepted (overridden) to work at all.

Avoid that by purchasing a "real" certificate.

archsupport 03-08-2018 03:38 PM

Thanks so much for the help. Just out of curiosity, do you know exactly why importing the certs doesn't work? In other words, why does the issuer show up when I generate it on the machine vs. when I copy the exact same cert to another box?

archsupport 03-10-2018 07:49 AM

I found the issue. The ssl.conf was using the localhost.key and localhost.crt because they're specified in the default virtualhost. I'll mark this issue as closed.
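
The cause found in the last post (another virtual host's certificate directives winning over the intended ones) can be confirmed by comparing the certificate the server actually presents with the file on disk, then listing every certificate directive under the config directory. This script is an added example and not part of the thread; the function names and the script name `check.sh` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# Subject, issuer and SHA-256 fingerprint of a PEM certificate file.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# SHA-256 fingerprint only, for comparisons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Save the leaf certificate a server presents for HOST (sent as SNI) on PORT.
fetch_served_cert() {   # fetch_served_cert HOST PORT OUTFILE
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# Succeeds only when both files parse and hold the same certificate.
same_cert() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] && [ "$fp" = "$(cert_fingerprint "$2")" ]
}

# Every active (uncommented) SSLCertificate*File directive under a config dir.
list_cert_directives() {
    grep -rnE '^[[:space:]]*SSLCertificate(Key|Chain)?File' "$1"
}

# Full check, e.g.:
#   sh check.sh system1.mwimp.com 443 /etc/pki/tls/certs/ca.crt /etc/httpd/conf.d
if [ "$#" -eq 4 ]; then
    served=$(mktemp)
    fetch_served_cert "$1" "$2" "$served"
    cert_summary "$served"
    if same_cert "$served" "$3"; then
        echo "served certificate matches $3"
    else
        echo "served certificate differs from $3; directives found under $4:"
        list_cert_directives "$4"
    fi
    rm -f "$served"
fi
```

A mismatch together with more than one `SSLCertificateFile` line in the listing points to a different virtual host answering the request, which is the situation described in the final post.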


All times are GMT -5.