| 1 |
On 03/04/2014 16:24, Peter Humphrey wrote: |
| 2 |
> Hello list, |
| 3 |
> |
| 4 |
> Almost there now... |
| 5 |
> |
| 6 |
> After receiving help from Mick K and the list (thanks again!) I've now some |
| 7 |
> idea of what I'm doing. |
| 8 |
> |
| 9 |
> I've installed OwnCloud to be served over SSL. I've followed the instructions |
| 10 |
> here[1] to create a self-signed certificate, which is in two files: cloud.crt |
| 11 |
> and cloud.key. I put both of those under /etc/apache2/private. I ignored the |
| 12 |
> vague references to intermediate files. The command I gave was: |
| 13 |
> |
| 14 |
> # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cloud.key -out |
| 15 |
> cloud.crt |
| 16 |
> |
| 17 |
> Now when I start Apache I get this warning, twice: |
| 18 |
> |
| 19 |
> RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) |
| 20 |
> |
| 21 |
> Is this to be expected, or is anyone visiting (none expected though) likely to |
| 22 |
> think I'm masquerading as a certification authority? |
| 23 |
> |
| 24 |
> [1] http://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html |
| 25 |
> |
| 26 |
|
| 27 |
|
| 28 |
What you've done works but you didn't do it the way Apache thinks these |
| 29 |
things work. You created a signing certs that is to be used to sign |
| 30 |
other certs, but instead used it as your SSL cert. Apache thinks this is |
| 31 |
unusual enough to warrant a log entry. |
| 32 |
|
| 33 |
To be truthful you don't want to do it that way if only because it's |
| 34 |
contrary to what other pros except you to have done. |
| 35 |
|
| 36 |
Third comment in this blog post gives excellent advice on how to do it |
| 37 |
better: |
| 38 |
|
| 39 |
http://www.turnkeylinux.org/forum/support/20121228/rsa-server-certificate-ca-certificate-error |
| 40 |
|
| 41 |
-- |
| 42 |
Alan McKinnon |
| 43 |
alan.mckinnon@×××××.com |
Archives