Article 8352 at 06/12/27 20:20:33 From: will (at mark) willspc.net Subject: [coba-e:08352] SSL Problems

Index: [Article Count Order] [Thread]
Date:  Wed, 27 Dec 2006 06:20:22 -0500
From:  "Will Nordmeyer" <will (at mark) willspc.net>
Subject:  [coba-e:08352] SSL Problems
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <005801c729a9$004d3460$6600a8c0 (at mark) hundredacrewood.willspc.net>
X-Mail-Count: 08352

I've got most of my sites switched over from a Cobalt RaQ4, but am having
difficulties with SSL.  

1)       I found that, apparently, Bluequartz & IE don't get along, so I
can't do much of my SSL Certificate requirements with IE.  Are there plans
to evaluate that issue and come up with a resolution (I have my server in my
trusted sites and have turned off all pop up blockers with regards to my
domain)?

2)       I transferred a site with SSL enabled and it appeared to transfer
the certificates, but when I go to the site in SSL Mode (it is still a
placeholder site, so the old Cobalt 4 graphics don't come up) it gives me
certificate errors and doesn't appear to properly have the dependent
certificates loading (from directnic).

 I have the DirectNic certificates files in /home/httpd/conf/ssl.crt and
have added the following section to httpd.conf:  I was following this guide
(for Raq3/raq4/XRT). and grabbed the SSL area of httpd.conf from my other
cobalt server (ns1.wnahosting.com)
https://secure.directnic.com/help/guides/index.php?guide_id=7#200

 
<IfModule mod_ssl.c>
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex                file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup   file:/dev/urandom 512
SSLRandomSeed connect   builtin

# Location of a secondary signing authority certificate. Uncomment and edit
# the location if necessary if you install a secondary certificate.
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.txt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/sf_issuing.crt
</IfModule>

 
When I restart httpd, I get these errors and am not sure where the improper
certificate got loaded (ns1.myservername.com is my old servername):

 
[Tue Dec 26 18:34:07 2006] [warn] RSA server certificate CommonName (CN)
`ns1.myservername.com' does NOT match server name!?
[Tue Dec 26 18:34:08 2006] [notice] Digest: generating secret for digest
authentication ...
[Tue Dec 26 18:34:08 2006] [notice] Digest: done
[Tue Dec 26 18:34:08 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Dec 26 18:34:08 2006] [notice] LDAP: SSL support unavailable
[Tue Dec 26 18:34:10 2006] [warn] RSA server certificate CommonName (CN)
`ns1.myservername.com' does NOT match server name!?
[Tue Dec 26 18:34:10 2006] [notice] Apache/2.0.52 (BlueQuartz) configured --
resuming normal operations


Can you provide me with any assistance?

--Will