SSL Problem

otis · October 18, 2007, 9:37am

I’m testing VirtualMin Pro on a CentOS 5 box on my local network preliminary to deploying it on a new server out on the 'net.

I created a site called adrxi.cgnet with an ip address different from name-based test sites. I created a dummy home page, and verified that I could see it at http://adrxi.cgnet.

Then I added SSL. VirtualMin reported performing the varios steps successfully. I cannot access the site via https://adrxi.cgnet, however.

The error-log for the site contains the following entires from a time when the server restarted:

[Thu Oct 18 09:16:56 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Oct 18 09:16:56 2007] [warn] RSA server certificate wildcard CommonName (CN) `*.adrxi.cgnet' does NOT match server name!?

What is wrong here?

Otis

p.s. - here is the http.conf entry that virtualmin created:

<VirtualHost 192.168.13.9:443> SuexecUserGroup "#502" "#503" ServerName adrxi.cgnet ServerAlias www.adrxi.cgnet ServerAlias lists.adrxi.cgnet DocumentRoot /home/adrxi/public_html ErrorLog /home/adrxi/logs/error_log CustomLog /home/adrxi/logs/access_log combined ScriptAlias /cgi-bin/ /home/adrxi/cgi-bin/ ScriptAlias /awstats /home/adrxi/cgi-bin DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/adrxi/public_html> Options Indexes IncludesNOEXEC FollowSymLinks ExecCGI allow from all AllowOverride All AddHandler fcgid-script .php AddHandler fcgid-script .php5 FCGIWrapper /home/adrxi/fcgi-bin/php5.fcgi .php FCGIWrapper /home/adrxi/fcgi-bin/php5.fcgi .php5 </Directory> <Directory /home/adrxi/cgi-bin> allow from all </Directory> RemoveHandler .php RemoveHandler .php5 Alias /dav /home/adrxi/public_html Alias /pipermail /var/lib/mailman/archives/public <Location /dav> DAV On AuthType Basic AuthName adrxi.cgnet AuthUserFile /home/adrxi/etc/dav.digest.passwd Require valid-user ForceType text/plain </Location> RedirectMatch /cgi-bin/mailman/([^/]*)(.*) https://adrxi.cgnet:10000/virtualmin-mailman/unauthenticated/$1.cgi$2 RedirectMatch /mailman/([^/]*)(.*) https://adrxi.cgnet:10000/virtualmin-mailman/unauthenticated/$1.cgi$2 <Location /svn> DAV svn SVNParentPath /home/adrxi/svn AuthType Basic AuthName adrxi.cgnet AuthUserFile /home/adrxi/etc/svn.basic.passwd Require valid-user AuthzSVNAccessFile /home/adrxi/etc/svn-access.conf Satisfy Any </Location> SSLEngine on SSLCertificateFile /home/adrxi/ssl.cert SSLCertificateKeyFile /home/adrxi/ssl.key </VirtualHost>

otis · October 18, 2007, 11:04am

I found the other thread in which Joe mentioned that a similar access problem was due to there being no accept rule for https in the firewall.

I added one, and can now access the site via https.

So the warning messages were not related to the access problem. Is there any reason to be concerned about them?

Otis