Hostname, Apache, and SSL

Sun Mar 27 00:50:35 MST 2005

I see a syntax error...Certificate Signing Request
file is .csr not crs 
openssl req -new -key www.mydomain.com.key -out
www.mydomain.com.crs(csr)

See if that makes the difference...it prompts for CN
and all that jazz afterwards...could be the problem 
 --- xlargebear at bellsouth.net wrote:

> Hi B (or anyone who reads this)
> This is driving me nuts. My old hostname in my Linux
> box was Linux 
> since at the time I didn't have a domain. I changed
> that and now when I 
> do hostname I get www.mydomain.com. When I type
> dnshostname I get 
> mydomain.com without www. So far so good.
> I went ahead and created my key:
> openssl genrsa -des3 -out www.mydomain.com.key 1024
> Then I created my certificate signing request:
> openssl req -new -key www.mydomain.com.key -out
> www.mydomain.com.crs
> when openssl asks me for my Common Name I enter
> www.mydomain.com
> After that I create my self signed certificate
> openssl x509 -req -days 365 -in www.mydomain.com.csr
> -signkey 
> www.mydomain.com.key -out www.mydomain.com.crt
> Finally the configuration for SSL in httpd.conf file
> wich is a very 
> simple set up
> 
> <VirtualHost 192.168.1.103:443>
> ServerName www.mydomain.com
> DocumentRoot /var/www/html/mydomain
> <Directory /var/www/html/mydomain>
> Options None
> Order allow,deny
> Allow from all
> </Directory>
> SSLEngine On
> SSLCertificateFile
> /etc/httpd/ssl/www.mydomain.com.crt
> SSLCertificateKeyFile
> /etc/httpd/ssl/www.mydomain.com.key
> </VirtualHost>
> 
> When I start Apache with ssl it seems to start
> without a problem. 
> However, I can not connect from inside or outside to
> it. In the 
> ssl_error.log I get the following line:
> [Sat Mar 26 14:55:38 2005] [warn] RSA server
> certificate CommonName 
> (CN) `Linux' does NOT match server name!?
> "Linux" used to be my old hostname in my machine. I
> already changed it 
> so I don't know where apache is getting that
> hostname from.
> Without ssl apache works and have been working fine
> for months.
> Thanks for all your help.
> Froinds ( not really that large :) )
> 
> On Mar 26, 2005, at 6:29 PM, B1 wrote:
> 
> > If it already is working then you must have a
> static
> > ip(or a dynamic client) and you are using ns
> servers
> > from whom ever you registered your domain through;
> > they are pointing your something.com to your
> ip...no
> > need to setup bind now, but if you wanted complete
> > control( as most linux freeks do) then you'd setup
> > bind but if it ain't broke then don't try to fix
> it
> >
> > B1
> >
> > --- xlargebear at bellsouth.net wrote:
> >> Thank you for your answer Mr. B1
> >> I'm already running my website under that domain
> and
> >> it works without
> >> setting up bind. I'm behind a linksys router that
> >> points port 80 and
> >> 443 to the box running apache.
> >> Would I still need to set bind?
> >> Froinds
> >>
> >>
> >> On Mar 25, 2005, at 2:58 PM, B1 wrote:
> >>
> >>> Well first of all Mr. Xlargebear,
> >>>
> >>> You need to edit your /etc/sysconf/network file
> >> and
> >>> change hostname to what you'd like it to be.
> >>>
> >>> Your second and more laborious issue may be
> >> setting up
> >>> bind and named to make your box a dns for your
> >> domain.
> >>> Just setting the hostname as something.com won't
> >> allow
> >>> me to point my browser to you and access your
> >> apache
> >>> homepage. If you registered a domain name then
> you
> >>> should edit your hosts file in the /etc/hosts
> >> location
> >>> and add the name there, but this will only point
> >> you
> >>> to your box not other computers from your
> intranet
> >> or
> >>> THE internet..such as typing something.com in
> the
> >>> browser on the LOCAL machine and getting your
> >> apache
> >>> homepage.
> >>>
> >>> 3rd..you really would fair better with a static
> IP
> >>> address and have it in your hosts file with your
> >> FQD
> >>> and other aliases and in your zone file and
> >> named.conf
> >>> if you want the world to have access to
> >>> www.something.com
> >>>
> >>> if you have gnome then as root do;
> >>>
> >>> gedit /etc/sysconf/network
> >>>
> >>>          if kde then use kedit
> >>>
> >>> save that then do:
> >>>
> >>> service network restart
> >>>
> >>> All should be good...if not restart the box or
> >> restart
> >>> the other processes that aren't using the new
> >>> hostname. Try this first and just ignore
> >> everything
> >>> else if that fixes your problem.
> >>>
> >>> If not then you need to scavenge the net for dns
> >>> howto's...if they are too hairy for you then
> reply
> >>> back with your concerns and I'll do my best to
> >> assist.
> >>>
> >>>
> >>>
> >>> --- xlargebear at bellsouth.net wrote:
> >>>> Hi
> >>>> I got an issue with the hostname of my machine
> >> not
> >>>> sticking after
> >>>> reboot. I'm trying to set up Apache with SSL
> and
> >> I
> >>>> haven't gotten it to
> >>>> work because of the hostname not matching the
> >>>> CommonName in the SSL
> >>>> certificate.
> >>>> When I installed YDL4 I didn't have a domain
> name
> >>>> back then so I set
> >>>> the hostname to Linux. Now I have a domain name
> >> and
> >>>> I'd like to change
> >>>> the hostname. I did hostnam www.mydomain.com
> and
> >> it
> >>>> shows as that when
> >>>> you enter hostname in the terminal. However,
> when
> >>>> apache starts with
> >>>> SSL the hostname it picks up is Linux (the old
> >> one)
> >>>> in spite of the
> >>>> fact that hostname shows the new name. When I
> >>>> restart after changing
> >>>> the hostname, it goes back to the old one:
> Linux.
> >>>> What am I missing here guys?
> >>>> My machine is a Beige G3 266 booting with BootX
> (
> >> I
> >>>> don't know if this
> >>>> is relevant )
> >>>> Thanks
> >>>> Froinds
> >>>>
> >>>> _______________________________________________
> >>>> yellowdog-general mailing list
> >>>> yellowdog-general at lists.terrasoftsolutions.com
> >>>>
> >>>
> >>
> >
>
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> >>>> HINT: to Google archives, try  '<keywords>
> >>>> site:terrasoftsolutions.com'
> >>>>
> >>> _______________________________________________
> 
=== message truncated ===