SSL Problems

I created a virtual server, put it on its own IP, added a self generated SSL, and cannot connect to it. I keep getting an error saying there is a problem connecting to it. The Apache error log says:

[Tue Sep 11 22:59:18 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Sep 11 22:59:18 2007] [warn] RSA server certificate CommonName (CN) `’ does NOT match server name!?

What could it be?

Post edited by:, at: 2007/09/11 18:22<br><br>Post edited by: brucelet, at: 2008/06/27 07:20

Hey Bruce,

This looks kinda like the certificate is installed system-wide, rather than for the virtual server. Did you use the "Manage SSL Certificate" form found in the "Server Configuration" menu for the domain in question?

If so, what does the VirtualHost section from the Apache configuration file look like for this domain?

BTW-A self-signed certificate ought to have been generated automatically for you with all of the correct settings. Was there a reason to replace it? (I’m pulling in a bit of data gleaned from your email to me, that the problem cert is self-signed.)

Yes, it was generated originally, but I regenerated it a number of times from the Manage SSL Certificate while under this domain to try and fix the errors. The second error about domain name not matching would go away when I generated it without the www.

We used the Configure Website for SSL section to change the default directory to one that we created.

The directives section under Configure Website for SSL for this domain contains the following:

SuexecUserGroup "#500" "#501"
ErrorLog /home/example/logs/error_log
CustomLog /home/example/logs/access_log combined
ScriptAlias /cgi-bin/ /home/example/cgi-bin/
ScriptAlias /awstats /home/example/cgi-bin
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/example/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks ExecCGI
allow from all
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/example/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/example/fcgi-bin/php5.fcgi .php5
<Directory /home/example/cgi-bin>
allow from all
RemoveHandler .php
RemoveHandler .php5
Alias /dav /home/example/public_html
<Location /dav>
AuthType Basic
AuthUserFile /home/example/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
RedirectMatch /cgi-bin/mailman/([^/])(.)$1.cgi$2
RedirectMatch /mailman/([^/])(.)$1.cgi$2
SSLEngine on
SSLCertificateFile /home/example/ssl.cert
SSLCertificateKeyFile /home/example/ssl.key
DocumentRoot /home/example/public_html/httpsdocs

To re-animate this moribund thread, I wanted to point out that the solution turned out to be opening the firewall. Virtualmin is supposed to open all ports needed for hosting during install, but fails to open 443. This will be fixed in the next release of virtualmin-base.


There’s also a FTP problem in the default setup.

Right. I’ll see if I can figure out the active/passive/whatever bits needed, and get that fix in as well.

man, you’re on the ball :slight_smile: