1 |
On 03/04/2014 16:24, Peter Humphrey wrote: |
2 |
> Hello list, |
3 |
> |
4 |
> Almost there now... |
5 |
> |
6 |
> After receiving help from Mick K and the list (thanks again!) I've now some |
7 |
> idea of what I'm doing. |
8 |
> |
9 |
> I've installed OwnCloud to be served over SSL. I've followed the instructions |
10 |
> here[1] to create a self-signed certificate, which is in two files: cloud.crt |
11 |
> and cloud.key. I put both of those under /etc/apache2/private. I ignored the |
12 |
> vague references to intermediate files. The command I gave was: |
13 |
> |
14 |
> # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cloud.key -out |
15 |
> cloud.crt |
16 |
> |
17 |
> Now when I start Apache I get this warning, twice: |
18 |
> |
19 |
> RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) |
20 |
> |
21 |
> Is this to be expected, or is anyone visiting (none expected though) likely to |
22 |
> think I'm masquerading as a certification authority? |
23 |
> |
24 |
> [1] http://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html |
25 |
> |
26 |
|
27 |
|
28 |
What you've done works but you didn't do it the way Apache thinks these |
29 |
things work. You created a signing certs that is to be used to sign |
30 |
other certs, but instead used it as your SSL cert. Apache thinks this is |
31 |
unusual enough to warrant a log entry. |
32 |
|
33 |
To be truthful you don't want to do it that way if only because it's |
34 |
contrary to what other pros except you to have done. |
35 |
|
36 |
Third comment in this blog post gives excellent advice on how to do it |
37 |
better: |
38 |
|
39 |
http://www.turnkeylinux.org/forum/support/20121228/rsa-server-certificate-ca-certificate-error |
40 |
|
41 |
-- |
42 |
Alan McKinnon |
43 |
alan.mckinnon@×××××.com |