[lug] self-signed apache certs on fedora core?
D. Stimits
stimits at comcast.net
Tue Sep 6 20:05:52 MDT 2005
Jeffrey Brown wrote:
>>>>stimits at comcast.net 9/6/2005 2:16:43 PM >>>
>
> Now I have a new question about self-signed certs used on machines that
> do not have reverse DNS lookup...e.g., if I access my apache server via
> https://localhost or https://some_name_in_etc_hosts, where localhost and
> some_name_in_etc_hosts are not visible to the outside world. Is it
> possible to remove this error via a system configuration setting in
> combination with a CommonName such as localhost or 127.0.0.1?
>
> << Response >>
> CommonName on certificate generation should correspond to an A record
> in DNS to avoid the error I believe you're talking about. So if CN is
> www.mysite.com then pointing my browser to mysite.com will incur the
> error or myhost.mysite.com will incur the error etc. To get around this
> you'll have to get into some virtual IP hosting on Apache and of course
> have the IP addresses.

I see...I don't necessarily have to have a real world DNS lookup (though
that would be simplest), but I need to "fake it" on a level beyond the
/etc/hosts file. So I could use some sort of VPN feature to do this
without running bind?

What I'm testing out are ways to set up an apache svn server that's
accessible only to a few individuals via https. Trying to do this first
means having non-snakeoil sample certs. This part is done, though I
still hope to remove the non-matching name warning.
D. Stimits, stimits AT comcast DOT net
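
Added example, not part of the original message: a simplified Python sketch of the name check an HTTPS client applies, assuming the RFC 2818 rules (subjectAltName DNS names take precedence, CommonName is the fallback, a wildcard covers only the leftmost label). The comparison is made against the host written in the URL, so a name resolved through /etc/hosts is treated like any other; the function names and the sample cases are constructed for illustration.

```python
from urllib.parse import urlsplit


def name_matches(cert_name, host):
    """Compare one certificate name with the requested host, label by label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # e.g. www.mysite.com never covers mysite.com
    if cert_labels[0] == "*" and len(cert_labels) >= 3:
        # A wildcard stands for exactly one leftmost label.
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def url_matches_cert(url, common_name, san_dns=()):
    """True when the host in `url` is covered by the certificate names.

    If the certificate carries subjectAltName DNS entries, only those are
    consulted; CommonName is used only when there are none.
    """
    host = urlsplit(url).hostname or ""
    names = list(san_dns) if san_dns else [common_name]
    return any(name_matches(n, host) for n in names)


if __name__ == "__main__":
    # Constructed cases using the names mentioned in the thread.
    cases = [
        ("https://localhost/svn", "localhost", ()),
        ("https://some_name_in_etc_hosts/svn", "localhost", ()),
        ("https://mysite.com/", "www.mysite.com", ()),
        ("https://myhost.mysite.com/", "www.mysite.com", ()),
        ("https://some_name_in_etc_hosts/svn", "localhost",
         ("localhost", "some_name_in_etc_hosts")),
    ]
    for url, cn, san in cases:
        verdict = "ok" if url_matches_cert(url, cn, san) else "name mismatch warning"
        print(f"{url:40} CN={cn:16} SAN={list(san)} -> {verdict}")
```
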