On Wed, Jul 30, 2014 at 2:56 PM, Ted Byers <r.ted.byers@gmail.com> wrote:
On Wed, Jul 30, 2014 at 2:38 PM, Ted Byers <r.ted.byers@gmail.com> wrote:
Two last questions. When I submit the following:
openssl s_client -connect gremlin.site:443 -showcerts
I get not only the server certificate that I created from my own CA, but also the certificate that I had installed, but which was bought from GoDaddy, for one of our development servers. The latter is not mentioned in my vhosts-ssl.conf, so why is it even sent? I thought Apache would send only the certificate attached to the domain in the URL in the request made to the server.
The answer to this question is that I mistook the CA root certificate for the certificate I'd made for another server. Proof I am an idiot. :-(
On further investigation, this is more troubling. None of my configuration files refer to a certificate related to my other development server. Worse, in /etc/apache2/ssl.crt and /etc/apache2/ssl.key, there exist ONLY the keys and certificates that I made when creating first my CA and then the key and certificate for gremlin.site. So, where is this other certificate located and why is Apache using it?
This just goes to show I am an idiot. I had created my rootCA.crt many months ago, and had forgotten that I created it with the FQDN of dev.profitorius.com, so all is behaving as it ought. But, I think in due course, I will regenerate the rootCA with a different FQDN (with meaning only within my LAN). But what I have will suffice for my testing purposes.

Thanks all.

Ted

--
R.E.(Ted) Byers, Ph.D.,Ed.D.
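The mix-up in this thread (a root CA whose name is another host's FQDN being read as that host's server certificate) can be spotted from the subject/issuer lines of the chain. The script below is an added example, not part of the original messages: it classifies each entry in the "Certificate chain" section of `openssl s_client -showcerts` output, using a constructed sample in which only the two host names come from the thread and the rest of the DN is assumed.

```shell
#!/bin/sh
# Constructed sample of s_client output; the C= and O= values are made up,
# and the PEM bodies are placeholders.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=CA/O=Example Lab/CN=gremlin.site
   i:/C=CA/O=Example Lab/CN=dev.profitorius.com
-----BEGIN CERTIFICATE-----
(constructed placeholder, body omitted)
-----END CERTIFICATE-----
 1 s:/C=CA/O=Example Lab/CN=dev.profitorius.com
   i:/C=CA/O=Example Lab/CN=dev.profitorius.com
-----BEGIN CERTIFICATE-----
(constructed placeholder, body omitted)
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CA/O=Example Lab/CN=gremlin.site
issuer=/C=CA/O=Example Lab/CN=dev.profitorius.com
EOF
}

# Reads s_client output on stdin and prints "<depth> <role> <subject>" for
# each chain entry. "self-signed-root" means subject and issuer names match;
# this compares names only and does not verify any signature.
classify_chain() {
  awk '
    /^Certificate chain/ { in_chain = 1; next }
    /^---$/              { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ {
      depth = $1
      subj = $0; sub(/^ *[0-9]+ s:/, "", subj)
      next
    }
    in_chain && /^ *i:/ {
      iss = $0; sub(/^ *i:/, "", iss)
      if (subj == iss)     role = "self-signed-root"
      else if (depth == 0) role = "leaf"
      else                 role = "intermediate"
      print depth, role, subj
    }
  '
}

sample_output | classify_chain
```

Against a live server the same function can be fed with `openssl s_client -connect gremlin.site:443 -showcerts </dev/null | classify_chain`.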