LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-29-2006, 03:35 PM   #1
ashiers
LQ Newbie
 
Registered: Jun 2006
Posts: 11

Rep: Reputation: 0
SSL Certificates


The ServerName is established in the httpd.conf file.
An SSL Certificate tries to compare its Common Name with the ServerName. If they don't match, there's a problem.

I created a self-signed certificate using the openssl utility where I must have originally mistyped the ServerName for the Common Name. This was apparent since the names didn't match. So I had to repeat the process but with the correct info.

The first certificate I created on June 26th. I've deleted the files server.key and server.crt from their respective directories and replaced them with newly created files with the correct information in them. However, when I open my browser and get the dialog box that warns about the certificate and I check the date it still reads June 26th.
This is now the 29th. of June so the cerificate should reflect that since the latest one I created was today. How is it the server is retaining this older certificate in memory? Why isn't it reading the latest certificate?

Alan

Last edited by ashiers; 06-29-2006 at 03:36 PM.
 
Old 06-29-2006, 06:20 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
If serverside result of "cat /directory/certificate.pem|openssl x509 -noout -dates" shows the right dates then check if the server had the chance to reread info (kill -HUP). If it did then it could be a clientside issue with a cached cert.
 
Old 06-30-2006, 09:39 AM   #3
ashiers
LQ Newbie
 
Registered: Jun 2006
Posts: 11

Original Poster
Rep: Reputation: 0
I found the problem! Others might learn from what I discovered. Actually, an individual from another newsgroup forum on Linux suggested looking for an Include directive in the httpd.conf file.
I looked and there was. It pointed to an ssl.conf file that is specifically configured to include commands for setting up a virtual host listening on port 443 and sets the SSLCertificateFile directive and others to a directory where a default.crt file was being stored. The default.crt was a copy of the original server.crt file I had created.

Needless to say, I wound up editing the ssl.conf file to point the the proper files in the appropriate directories.

Thanks for your patients and suggestions,

Alan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 2 and SSL Certificates aq_mishu Linux - Security 3 02-07-2006 12:09 PM
SSL certificates the-chains Linux - Software 0 11-15-2004 08:12 PM
Trouble generating ssl certificates linuxturtle Linux - Networking 3 09-19-2004 09:23 AM
ssl certificates champ Linux - Security 2 04-05-2003 10:47 AM
ssl certificates Syncrm Linux - General 7 02-26-2003 11:01 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration