Trying to generate an x509 pem file for Stud as an SSL termination point. This pem file for Stud is supposed to contain an RSA Private Key. as well as Gandi's Root CA cert and my domain cert. Should my RSA Private Key be the key used during the CSR generation? Stud uses OpenSSL so I chose the suggested option in the Gandi SSL docs. Are the free 1-year certs always self-signed and therefor will always receive browser warning? Or is there some other private key I should be using? Thanks.
SSL General: The certificate is self-signed.
You should be logged in to post new messages. Create an account.
- By:
Aaron Peterson - Date: on 2012 Jun. 21 22:22
- Subject: The certificate is self-signed.
- By:
Aaron Peterson
- Date: on 2012 Jun. 21 23:18
- Subject: Re: The certificate is self-signed.
If you're using Stud to terminate SSL for https on port 443, be sure to (d'oh) disable SSL on Apache. The default config for Stud is port 8443 so you will be hitting your generic self-signed apache cert unless you turn ssl off in apache and modify the default config of Stud. To turn off SSL in apache2, open ssl.conf (or httpd.conf) and comment out #Listen 443 and set SSLEngine from on to off. If you generated your Gandi CSR using OpenSSL, Stud's pem-file should be concatenated in this order: 1) Your domain cert from Gandi 2) Gandi's Intermediary cert 3) the RSA Private Key you created when you generated the CSR
