Published on sys.portal (https://sysportal.carnet.hr)

Problems with SSL certificates for AOSI

Several colleagues have contacted the helpdesk complaining that AOSI objects to incorrect certificates. AOSI picks up the existing certificates from Apache, so if those certificates happen to contain errors, AOSI refuses to work.

Here is an example of the error shown in the AOSI web interface:

curl_exec error 51 SSL: certificate subject name 'host.lab.carnet.hr' does not match target host name 'host1.carnet.hr'

The problem is that the CN (Common Name) field in the certificate should match the host name. Check the certificates:

# openssl x509 -noout -text -in /etc/apache/ssl.crt/server.crt | grep Subject:

Subject: C=HR, O=lab.carnet.hr, CN=host.lab.hr/emailAddress=webmaster@host.lab.carnet.hr

# openssl x509 -noout -text -in /etc/aosi/certs/aosi_cert.pem | grep Subject:

Subject: C=HR, O=lab.carnet.hr, CN=host.lab.hr/emailAddress=webmaster@host.lab.carnet.hr

We can see that the certificates are wrong: the CN does not match the host name. We will delete the old ones, generate new certificates for Apache, and copy them to /etc/aosi/certs/.

# find /etc/apache -name server.\* | xargs rm

(If you get the messages "rm: too few arguments" and "Try `rm --help' for more information." here, it means the files in question had already been deleted earlier and you can carry on with the procedure - note by Željko Boroš)

# dpkg-reconfigure apache-cn

CN: Missing SSL certificates, generating.

Successfully generated server key pairs:

- ssl.crt/ca.crt

- ssl.key/ca.key

- ssl.crt/server.crt

- ssl.key/server.key

CN: Found: /etc/apache/mod-ssl.conf.

CN: mod_ssl configuration by CARNet is now in /etc/apache/conf.d/ssl.conf.

Check your configuration and remove the unneeded files.

Reloading apache modules.

Mailing upgrade output to root.

# cp /etc/apache/ssl.crt/server.crt /etc/aosi/certs/aosi_cert.pem

# cp /etc/apache/ssl.key/server.key /etc/aosi/certs/aosi_key.pem

Finally, we restart AOSI:

# /etc/init.d/aosi restart

And that's it.
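The checks from this procedure collected into one script, as an added example that is not part of the original article: it compares the CN of both certificates with the host name, confirms that the AOSI copy is identical to Apache's, and that the copied key belongs to the copied certificate. The file paths are the ones on the page; the function names, the script name and the `--run` argument are assumptions of this example, as is the default target name taken from `hostname -f`.

```shell
#!/bin/sh
# Added example, not CARNet's code. Paths are the ones used on the page.
# Only the CN is compared, as in the curl error above; subjectAltName
# entries are not examined.
APACHE_CRT=/etc/apache/ssl.crt/server.crt
AOSI_CRT=/etc/aosi/certs/aosi_cert.pem
AOSI_KEY=/etc/aosi/certs/aosi_key.pem

# Extract the CN from an openssl subject line. Handles the old
# "CN=name/emailAddress=..." layout and the newer "CN = name, ..." one.
cn_from_subject() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p' | sed 's/ *$//'
}

# Case-insensitive match of a certificate name against the target host.
# A leading "*." stands for exactly one label.
name_matches_host() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$name" in
        \*.*) [ "$host" != "${host#*.}" ] && [ "${host#*.}" = "${name#??}" ] ;;
        *)    [ "$name" = "$host" ] ;;
    esac
}

# SHA-256 of the public key inside a certificate ("cert") or private key ("key").
pubkey_digest() {
    case "$1" in
        cert) openssl x509 -noout -pubkey -in "$2" ;;
        key)  openssl pkey -pubout -in "$2" ;;
    esac | openssl sha256
}

# Run every check; the target name defaults to `hostname -f` (assumption).
check_all() {
    target=${1:-$(hostname -f)}; rc=0
    for crt in "$APACHE_CRT" "$AOSI_CRT"; do
        cn=$(cn_from_subject "$(openssl x509 -noout -subject -in "$crt")")
        if name_matches_host "$cn" "$target"; then echo "ok   $crt: CN=$cn"
        else echo "FAIL $crt: CN='$cn' does not match '$target'"; rc=1; fi
    done
    cmp -s "$APACHE_CRT" "$AOSI_CRT" || { echo "FAIL AOSI certificate differs from Apache's"; rc=1; }
    [ "$(pubkey_digest cert "$AOSI_CRT")" = "$(pubkey_digest key "$AOSI_KEY")" ] ||
        { echo "FAIL aosi_key.pem does not belong to aosi_cert.pem"; rc=1; }
    return $rc
}

# Usage: sh check-aosi-cert.sh --run [hostname]   (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then shift; check_all "$@"; fi
```

Run it as root before restarting AOSI; a non-zero exit status means at least one check failed.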

 

Thu, 2005-12-01 15:54 - Uredništvo (editorial team)
Source URL: https://sysportal.carnet.hr/node/54