[TriLUG] it's late.. ssl question

David A. Cafaro dac at trilug.org
Sun Oct 10 22:51:13 EDT 2004


Your problem is that you previously had a certificate that you probably
generated that had serial number "00" for the first certificate.  When
you generated your new certificate, you generated it with the same
serial number of "00".  Now if any web browser has the old certificate
saved, it will fail because it's seeing a different certificate for the
same site with the same serial number.  You have two options to fix
this.  Delete the saved certificate on any browser that might have it
saved, or generate a new certificate with the serial incremented by
one.  I actually did this once before, but would have to go back through
my docs to remember how.  I don't think it was too difficult; I think you
can set it via command line or in the openssl.cnf file.


On Sun, 2004-10-10 at 22:43, Greg Brown wrote:
> I must be looking over something very obvious.  I reinstalled my server 
> OS, CentOS in this case, and installed http via yum.  I also installed 
> openssl and created a key using the following command:
> 
> openssl req -new -x509 -extensions v3_ca -keyout \
> private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf
> 
> I then installed mod_ssl from yum which previously, after the first two 
> steps, would allow me to use https encryption.  For some reason I now 
> get an error when I try to access my web server via https.  The error 
> is:
> 
> "You have received an invalid certificate. Please contact the server
> administrator or email correspondent and give them the following 
> information:
> 
> Your certificate contains the same serial number as another certificate
> issued by the certificate authority. Please get a new certificate 
> containing
> a unique serial number."
> 
> I'm fairly tired so I think I'm missing something really basic.  All 
> I'm doing is using a self-signed key.  The browser (Safari, Firefox) 
> should use this certificate but warn the user that it's self-signed.
> 
> Where am I going wrong?
> 
> Greg
-- 
David A. Cafaro
dac(at)trilug.org
Admin to User: "You did what!?!?!"
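
Added example, not part of the original messages: a shell sketch of the "new certificate with the serial incremented" fix using the `-set_serial` option of `openssl req`, with a check for the issuer-plus-serial collision the browser error describes. The subject name, file names and function names are assumptions, and `-nodes` (unencrypted key) is used only so the sketch runs without a passphrase prompt.

```shell
#!/bin/sh
# Added example (not from the thread). SUBJ is an assumed sample value; the
# -config and -extensions arguments of the original command are left out.
SUBJ="/CN=www.example.test"

# make_cert SERIAL KEYFILE CERTFILE: self-signed cert with an explicit serial.
make_cert() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "$SUBJ" -set_serial "$1" -keyout "$2" -out "$3" 2>/dev/null
}

# cert_id CERTFILE: the (issuer, serial) pair that must be unique per issuer.
cert_id() {
    openssl x509 -in "$1" -noout -issuer -serial
}

# fingerprint CERTFILE: SHA-256 fingerprint of the whole certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# serial_collision OLD NEW: exit 0 when two *different* certificates share
# issuer and serial, which is the condition the browser error reports.
serial_collision() {
    [ "$(cert_id "$1")" = "$(cert_id "$2")" ] &&
        [ "$(fingerprint "$1")" != "$(fingerprint "$2")" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert 0 "$d/old.key"  "$d/old.pem"    # certificate before the reinstall
    make_cert 0 "$d/same.key" "$d/same.pem"   # regenerated, serial reused
    make_cert 1 "$d/next.key" "$d/next.pem"   # regenerated, serial incremented
    for c in same next; do
        if serial_collision "$d/old.pem" "$d/$c.pem"; then
            echo "$c.pem: COLLISION with old.pem ($(cert_id "$d/$c.pem" | tail -n 1))"
        else
            echo "$c.pem: ok ($(cert_id "$d/$c.pem" | tail -n 1))"
        fi
    done
    rm -rf "$d"
}
demo
```

Running `serial_collision` against the certificate a browser has stored and the one the server now presents shows whether a regenerated certificate needs a different serial before it is deployed.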



