Hostname, Apache, and SSL

xlargebear at bellsouth.net xlargebear at bellsouth.net
Sun Mar 27 02:47:14 MST 2005


Hi B
You have no idea how many times I've done that and realized I made a 
mistake in the name. I keep doing it. Anyways, it's corrected. However, 
still no secure connection to my server.
When I try:
openssl s_client -connect www.mydomain.com:443
I get these lines
verify error:num=19:self signed certificate in certificate chain
verify return:0

I checked the logs in the router and from apache and there's no record 
of any connection being attempted. I even tried it by entering the ip 
of the linux box running the site from another within the network and 
nothing. Not even an error message.

On the apache error_log file I do get this when I restart apache
LDAP: Built with OpenLDAP LDAP SDK
[notice] LDAP: SSL support unavailable
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[notice] LDAP: Built with OpenLDAP LDAP SDK
[notice] LDAP: SSL support unavailable
[notice] Apache/2.0.51 (Fedora) configured -- resuming normal operations

Thanks a lot for helping
Froinds

On Mar 27, 2005, at 2:50 AM, B1 wrote:

> I see a syntax error...Certificate Signing Request
> file is .csr not crs
> openssl req -new -key www.mydomain.com.key -out
> www.mydomain.com.crs(csr)
>
> See if that makes the difference...it prompts for CN
> and all that jazz afterwards...could be the problem
>  --- xlargebear at bellsouth.net wrote:
>
>> Hi B (or anyone who reads this)
>> This is driving me nuts. My old hostname in my Linux
>> box was Linux
>> since at the time I didn't have a domain. I changed
>> that and now when I
>> do hostname I get www.mydomain.com. When I type
>> dnshostname I get
>> mydomain.com without www. So far so good.
>> I went ahead and created my key:
>> openssl genrsa -des3 -out www.mydomain.com.key 1024
>> Then I created my certificate signing request:
>> openssl req -new -key www.mydomain.com.key -out
>> www.mydomain.com.crs
>> when openssl asks me for my Common Name I enter
>> www.mydomain.com
>> After that I create my self signed certificate
>> openssl x509 -req -days 365 -in www.mydomain.com.csr
>> -signkey
>> www.mydomain.com.key -out www.mydomain.com.crt
>> Finally the configuration for SSL in httpd.conf file
>> which is a very
>> simple set up
>>
>> <VirtualHost 192.168.1.103:443>
>> ServerName www.mydomain.com
>> DocumentRoot /var/www/html/mydomain
>> <Directory /var/www/html/mydomain>
>> Options None
>> Order allow,deny
>> Allow from all
>> </Directory>
>> SSLEngine On
>> SSLCertificateFile
>> /etc/httpd/ssl/www.mydomain.com.crt
>> SSLCertificateKeyFile
>> /etc/httpd/ssl/www.mydomain.com.key
>> </VirtualHost>
>>
>> When I start Apache with ssl it seems to start
>> without a problem.
>> However, I can not connect from inside or outside to
>> it. In the
>> ssl_error.log I get the following line:
>> [Sat Mar 26 14:55:38 2005] [warn] RSA server
>> certificate CommonName
>> (CN) `Linux' does NOT match server name!?
>> "Linux" used to be my old hostname in my machine. I
>> already changed it
>> so I don't know where apache is getting that
>> hostname from.
>> Without ssl apache works and have been working fine
>> for months.
>> Thanks for all your help.
>> Froinds ( not really that large :) )
>>
>> On Mar 26, 2005, at 6:29 PM, B1 wrote:
>>
>>> If it already is working then you must have a
>> static
>>> ip(or a dynamic client) and you are using ns
>> servers
>>> from whom ever you registered your domain through;
>>> they are pointing your something.com to your
>> ip...no
>>> need to setup bind now, but if you wanted complete
>>> control( as most linux freeks do) then you'd setup
>>> bind but if it ain't broke then don't try to fix
>> it
>>>
>>> B1
>>>
>>> --- xlargebear at bellsouth.net wrote:
>>>> Thank you for your answer Mr. B1
>>>> I'm already running my website under that domain
>> and
>>>> it works without
>>>> setting up bind. I'm behind a linksys router that
>>>> points port 80 and
>>>> 443 to the box running apache.
>>>> Would I still need to set bind?
>>>> Froinds
>>>>
>>>>
>>>> On Mar 25, 2005, at 2:58 PM, B1 wrote:
>>>>
>>>>> Well first of all Mr. Xlargebear,
>>>>>
>>>>> You need to edit your /etc/sysconf/network file
>>>> and
>>>>> change hostname to what you'd like it to be.
>>>>>
>>>>> Your second and more laborious issue may be
>>>> setting up
>>>>> bind and named to make your box a dns for your
>>>> domain.
>>>>> Just setting the hostname as something.com won't
>>>> allow
>>>>> me to point my browser to you and access your
>>>> apache
>>>>> homepage. If you registered a domain name then
>> you
>>>>> should edit your hosts file in the /etc/hosts
>>>> location
>>>>> and add the name there, but this will only point
>>>> you
>>>>> to your box not other computers from your
>> intranet
>>>> or
>>>>> THE internet..such as typing something.com in
>> the
>>>>> browser on the LOCAL machine and getting your
>>>> apache
>>>>> homepage.
>>>>>
>>>>> 3rd..you really would fare better with a static
>> IP
>>>>> address and have it in your hosts file with your
>>>> FQD
>>>>> and other aliases and in your zone file and
>>>> named.conf
>>>>> if you want the world to have access to
>>>>> www.something.com
>>>>>
>>>>> if you have gnome then as root do;
>>>>>
>>>>> gedit /etc/sysconf/network
>>>>>
>>>>>          if kde then use kedit
>>>>>
>>>>> save that then do:
>>>>>
>>>>> service network restart
>>>>>
>>>>> All should be good...if not restart the box or
>>>> restart
>>>>> the other processes that aren't using the new
>>>>> hostname. Try this first and just ignore
>>>> everything
>>>>> else if that fixes your problem.
>>>>>
>>>>> If not then you need to scavenge the net for dns
>>>>> howto's...if they are too hairy for you then
>> reply
>>>>> back with your concerns and I'll do my best to
>>>> assist.
>>>>>
>>>>>
>>>>>
>>>>> --- xlargebear at bellsouth.net wrote:
>>>>>> Hi
>>>>>> I got an issue with the hostname of my machine
>>>> not
>>>>>> sticking after
>>>>>> reboot. I'm trying to set up Apache with SSL
>> and
>>>> I
>>>>>> haven't gotten it to
>>>>>> work because of the hostname not matching the
>>>>>> CommonName in the SSL
>>>>>> certificate.
>>>>>> When I installed YDL4 I didn't have a domain
>> name
>>>>>> back then so I set
>>>>>> the hostname to Linux. Now I have a domain name
>>>> and
>>>>>> I'd like to change
>>>>>> the hostname. I did hostname www.mydomain.com
>> and
>>>> it
>>>>>> shows as that when
>>>>>> you enter hostname in the terminal. However,
>> when
>>>>>> apache starts with
>>>>>> SSL the hostname it picks up is Linux (the old
>>>> one)
>>>>>> in spite of the
>>>>>> fact that hostname shows the new name. When I
>>>>>> restart after changing
>>>>>> the hostname, it goes back to the old one:
>> Linux.
>>>>>> What am I missing here guys?
>>>>>> My machine is a Beige G3 266 booting with BootX
>> (
>>>> I
>>>>>> don't know if this
>>>>>> is relevant )
>>>>>> Thanks
>>>>>> Froinds
>>>>>>
>>>>>> _______________________________________________
>>>>>> yellowdog-general mailing list
>>>>>> yellowdog-general at lists.terrasoftsolutions.com
>>>>>> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>>>>>> HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
>
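
A check for the CommonName warning discussed in this thread, as an added example that is not part of the original messages: it reads the CN from the file a vhost names in SSLCertificateFile, compares it with ServerName, and confirms the key file belongs to that certificate. The function names and the sample certificates generated in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a certificate/key pair against an Apache ServerName.

# Print the subject commonName (CN) of a PEM certificate.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= //p'
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {   # key_matches_cert KEY CERT
    key_pub=$(openssl pkey -pubout -in "$1" 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -noout -pubkey -in "$2" 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# check_vhost_cert SERVERNAME CERT KEY
# Prints a verdict; returns 0 if both checks pass, 1 on CN mismatch, 2 on key mismatch.
check_vhost_cert() {
    cn=$(cert_cn "$2")
    if [ "$cn" != "$1" ]; then
        echo "MISMATCH: certificate CN '$cn' != ServerName '$1'"; return 1
    fi
    if ! key_matches_cert "$3" "$2"; then
        echo "MISMATCH: key file does not belong to this certificate"; return 2
    fi
    echo "OK: CN and key match ServerName '$1'"
}

# Constructed sample: self-signed certificate for a given CN (unencrypted key, 1 day).
make_sample() {   # make_sample DIR NAME CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" old Linux                 # certificate made under the old hostname
    make_sample "$d" new www.mydomain.com      # certificate made after the rename
    check_vhost_cert www.mydomain.com "$d/old.crt" "$d/old.key" || true  # CN mismatch
    check_vhost_cert www.mydomain.com "$d/new.crt" "$d/old.key" || true  # wrong key
    check_vhost_cert www.mydomain.com "$d/new.crt" "$d/new.key" || true  # passes
    rm -rf "$d"
}
demo
```
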


