[TriLUG] it's late.. ssl question

David A. Cafaro dac at trilug.org
Mon Oct 11 00:12:17 EDT 2004


Oh well, sorry it didn't help.  Good luck!

-David

On Mon, 2004-10-11 at 00:06, Greg Brown wrote:
> Nope, still having the same issue with firefox even after building the
> new cert with the -set_serial 01 option.  I'll try again in the morning,
> it's just too late now.
> 
> But thanks very much for the pointer!
> 
> Greg
> 
> On Oct 10, 2004, at 10:55 PM, David A. Cafaro wrote:
> 
> > Ok found it, try the "-set_serial 01" option, that should do it.
> >
> > -David
> >
> > On Sun, 2004-10-10 at 22:51, David A. Cafaro wrote:
> >> Your problem is that you previously had a certificate that you
> >> probably generated that had serial number "00" for the first
> >> certificate.  When you generated your new certificate, you generated
> >> it with the same serial number of "00".  Now if any web browser has
> >> the old certificate saved, it will fail because it's seeing a
> >> different certificate for the same site with the same serial number.
> >> You have two options to fix this.  Delete the saved certificate on any
> >> browser that might have it saved, or generate a new certificate with
> >> the serial incremented by one.  I actually did this once before, but
> >> would have to go back through my docs to remember how.  I don't think
> >> it was too difficult; I think you can set it via command line or in
> >> the openssl.cnf file.
> >>
> >>
> >> On Sun, 2004-10-10 at 22:43, Greg Brown wrote:
> >>> I must be looking over something very obvious.  I reinstalled my
> >>> server OS, CentOS in this case, and installed http via yum.  I also
> >>> installed openssl and created a key using the following command:
> >>>
> >>> openssl req -new -x509 -extensions v3_ca -keyout \
> >>> private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf
> >>>
> >>> I then installed mod_ssl from yum which previously, after the first
> >>> two steps, would allow me to use https encryption.  For some reason I
> >>> now get an error when I try to access my web server via https.  The
> >>> error is:
> >>>
> >>> "You have received an invalid certificate. Please contact the server
> >>> administrator or email correspondent and give them the following
> >>> information:
> >>>
> >>> Your certificate contains the same serial number as another
> >>> certificate issued by the certificate authority. Please get a new
> >>> certificate containing a unique serial number."
> >>>
> >>> I'm fairly tired so I think I'm missing something really basic.  All
> >>> I'm doing is using a self-signed key.  The browser (safari, firefox)
> >>> should use this certificate but warn the user that it's self-signed.
> >>>
> >>> Where am I going wrong?
> >>>
> >>> Greg
> >> -- 
> >> David A. Cafaro
> >> dac(at)trilug.org
> >> Admin to User: "You did what!?!?!"
-- 
David A. Cafaro
dac(at)trilug.org
Admin to User: "You did what!?!?!"



