Tuesday, 30 December 2014

Can't get my SSL CA to work with Apache

So I have an SSL enabled website running on Apache2.

https://eamorr.com (I get a warning in my browser, as expected)


I have a config file for this website at:

/etc/apache2/sites-available/eamorr.com-ssl.conf

Inside this file, I have the following lines:

SSLCertificateFile /etc/apache2/ssl/eamorr.com/eamorr.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/eamorr.com/eamorr.com.key


"eamorr.com.crt" and "eamorr.com.key" were generated as follows (i.e. self-signed):

openssl genrsa -out eamorr.com.key 2048
openssl req -new -x509 -key eamorr.com.key -out eamorr.com.crt -days 30000
mv eamorr.com.* /etc/apache2/ssl/eamorr.com/
apache2ctl restart


OK, great. I have a working https website with an SSL warning.


Now, I decided to create my own certificate authority (CA) and install this CA on my local computer (I'm using Apple OSX operating system).


So, back on my website's server, in two steps, I sign "eamorr.com.key" using my own CA:

1. sudo openssl req -new -key /etc/apache2/ssl/eamorr.com/eamorr.com.key -out /etc/apache2/ssl/eamorr.com/eamorr.com.csr # generates the certificate signing request (CSR)
2. sudo openssl ca -in /etc/apache2/ssl/eamorr.com/eamorr.com.csr -config ./openssl.cnf

I'm now given a new certificate that's printed on screen. I copied and pasted this certificate into /etc/apache2/ssl/eamorr.com/eamorr.com.crt


I then added another line to the Apache2 configuration for the site:

SSLCertificateChainFile /home/eamorr/ca/eamorr.comCA.crt

where "eamorr.comCA.crt" is my CA's cert, and then:

apache2ctl restart
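As an added check (an example script, not part of the original post): the procedure above rebuilt with throwaway keys in a temporary directory, followed by the verification a browser performs once the CA is imported, so a certificate that does not chain to the CA is caught before Apache is touched. It swaps `openssl x509 -req -CA` for the post's `openssl ca` step so that no openssl.cnf CA section or index database is needed; the CA name, host name and file paths are assumed.

```shell
#!/bin/sh
# Added example, not from the original post: rebuild the post's procedure with
# throwaway keys in a temp directory, then verify the server certificate
# against the CA the way a browser does once that CA has been imported.
# The CA name (Example Test CA) and host name (www.example.test) are constructed.
set -eu

WORK=$(mktemp -d)

# Exit 0 when LEAF_CERT chains to CA_CERT, non-zero otherwise (prints verdict).
verify_leaf() {  # usage: verify_leaf CA_CERT LEAF_CERT
    openssl verify -CAfile "$1" "$2"
}

# Issuer DN of a certificate, without the "issuer=" prefix.
issuer_of() {
    openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//'
}

# Subject DN of a certificate, without the "subject=" prefix.
subject_of() {
    openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//'
}

# 1. The private CA: a self-signed certificate whose key signs server CSRs.
openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
openssl req -new -x509 -key "$WORK/ca.key" -out "$WORK/ca.crt" -days 365 \
    -subj "/CN=Example Test CA" 2>/dev/null

# 2. Server key and CSR (the post's "openssl req -new -key ..." step).
openssl genrsa -out "$WORK/srv.key" 2048 2>/dev/null
openssl req -new -key "$WORK/srv.key" -out "$WORK/srv.csr" \
    -subj "/CN=www.example.test" 2>/dev/null

# 3. Sign the CSR with the CA ("openssl x509 -req -CA" stands in for
#    "openssl ca" so no openssl.cnf CA section or index database is needed).
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -out "$WORK/srv.crt" -days 365 2>/dev/null

# 4. A self-signed certificate for the same key, like the post's first one.
openssl req -new -x509 -key "$WORK/srv.key" -out "$WORK/selfsigned.crt" \
    -days 365 -subj "/CN=www.example.test" 2>/dev/null

# The CA-signed certificate verifies; the self-signed one does not, even with
# the same key, because its issuer is itself rather than the CA.
verify_leaf "$WORK/ca.crt" "$WORK/srv.crt"
verify_leaf "$WORK/ca.crt" "$WORK/selfsigned.crt" || echo "self-signed: rejected, as expected"
echo "leaf issuer : $(issuer_of "$WORK/srv.crt")"
echo "CA subject  : $(subject_of "$WORK/ca.crt")"
```

Run the same `openssl verify -CAfile eamorr.comCA.crt` against the certificate Apache actually serves (captured with `openssl s_client -connect eamorr.com:443 -showcerts`) to confirm it is the CA-signed copy and not the earlier self-signed one.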


But what do I do now? I'm stuck!


Even though I've installed my CA's public key into my operating system, I'm still getting this error in Firefox:


[Screenshot: Firefox error]


"invalid security certificate"?


"the issuer certificate is unknown"?


But I imported my custom CA certificate (eamorr.comCA.crt) into my operating system (Apple OSX - imported into System certificates using the "Keychain Access" program)???


Can anyone help me?




