[TriLUG] it's late.. ssl question

David A. Cafaro dac at trilug.org
Sun Oct 10 22:55:16 EDT 2004


Ok found it, try the "-set_serial 01" option, that should do it.

-David

On Sun, 2004-10-10 at 22:51, David A. Cafaro wrote:
> Your problem is that you previously had a certificate that you probably
> generated that had serial number "00" for the first certificate.  When
> you generated your new certificate, you generated it with the same
> serial number of "00".  Now if any web browser has the old certificate
> saved, it will fail because it's seeing a different certificate for the
> same site with the same serial number.  You have two options to fix
> this.  Delete the saved certificate on any browser that might have it
> saved, or generate a new certificate with the serial incremented by
> one.  I actually did this once before, but would have to go back through
> my docs to remember how.  I don't think it was too difficult; I think you
> can set it via command line or in the openssl.cnf file.
> 
> 
> On Sun, 2004-10-10 at 22:43, Greg Brown wrote:
> > I must be looking over something very obvious.  I reinstalled my server 
> > OS, CentOS in this case, and installed http via yum.  I also installed 
> > openssl and created a key using the following command:
> > 
> > openssl req -new -x509 -extensions v3_ca -keyout \
> > private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf
> > 
> > I then installed mod_ssl from yum which previously, after the first two 
> > steps, would allow me to use https encryption.  For some reason I now 
> > get an error when I try to access my web server via https.  The error 
> > is:
> > 
> > "You have received an invalid certificate. Please contact the server
> > administrator or email correspondent and give them the following 
> > information:
> > 
> > Your certificate contains the same serial number as another certificate
> > issued by the certificate authority. Please get a new certificate 
> > containing
> > a unique serial number."
> > 
> > I'm fairly tired so I think I'm missing something really basic.  All 
> > I'm doing is using a self-signed key.  The browser (safari, firefox) 
> > should use this certificate but warn the user that it's self-signed.
> > 
> > Where am I going wrong?
> > 
> > Greg
> -- 
> David A. Cafaro
> dac(at)trilug.org
> Admin to User: "You did what!?!?!"
-- 
David A. Cafaro
dac(at)trilug.org
Admin to User: "You did what!?!?!"
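
The fix discussed in this thread, as an added example that is not part of the original messages: a shell script that reads the serial of the existing self-signed certificate and reissues it with the next serial via -set_serial. The file names, the subject CN, and the use of -subj/-nodes/-newkey (so it runs without prompts or the poster's openssl.cnf) are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: reissue a self-signed certificate with the next serial number.
# File names and the subject CN are constructed for this demo.

# Print the serial of a PEM certificate as bare hex (e.g. "00").
cert_serial() {
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'
}

# Print the serial that follows the one in certificate $1, in decimal.
next_serial() {
    hex=$(cert_serial "$1") || return 1
    # Shell arithmetic is 64-bit; refuse long (randomly generated) serials.
    [ "${#hex}" -le 15 ] || { echo "serial too large: $hex" >&2; return 1; }
    printf '%d\n' "$((0x$hex + 1))"
}

# Create a self-signed certificate: issue_cert KEYFILE CERTFILE SERIAL
# -nodes leaves the demo key unencrypted so no passphrase prompt appears.
issue_cert() {
    openssl req -new -x509 -nodes -newkey rsa:2048 \
        -subj "/CN=www.example.test" -days 365 \
        -keyout "$1" -out "$2" -set_serial "$3" 2>/dev/null
}

# Old certificate with serial 0, replacement with the next serial.
# Prints the two serials as reported by openssl x509.
demo() {
    dir=$(mktemp -d) || return 1
    issue_cert "$dir/old.key" "$dir/old.pem" 0 &&
    new=$(next_serial "$dir/old.pem") &&
    issue_cert "$dir/new.key" "$dir/new.pem" "$new" &&
    echo "$(cert_serial "$dir/old.pem") $(cert_serial "$dir/new.pem")"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo   # prints: 00 01
```

Running `openssl x509 -in cacert.pem -noout -serial -issuer` against the real certificate before and after reissuing confirms that the issuer name and serial pair the browser complained about has changed.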



