Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: need help with SSL

  1. #1
    Join Date
    Oct 2010
    Beans
    11

    need help with SSL

    hi,

    I have setup a ubuntu CA server and created a CA root (server is pki.nelsonlab.local) which i loaded in the trusted root certificate of my windows 10 station

    I also created and signed a csr for a web server with subject alternative as web1.nelsonlab.local


    I added the instructions for the apache default virtual host as:
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/web1.nelsonlab.local.key
    SSLCertificateFile /etc/ssl/web1.nelsonlab.local.crt

    then restarted the web server

    When going to the web page https://web1.nelsonlab.local i am still getting a certificate error and dont understand why this is happening.

    everything to me looks fine i just don't understand why it's still giving me cert error.

    Can anyone explain why this is?
    Last edited by npereira; October 21st, 2022 at 03:16 PM.

  2. #2
    Join Date
    May 2010
    Beans
    3,232

    Re: need help with SSL

    Does the cert also contain the root? you need both the cert from the authority and the root ca in the same file, then the key file as you expect. Make sure you also distribute your root CA cert to the "Trusted Root Authority" folder in the client system so that it trusts the chain

  3. #3
    Join Date
    Oct 2010
    Beans
    11

    Re: need help with SSL

    hmmm, not sure what you mean by that, but this is the command i did on the CA server :



    openssl x509 -req -in web1.nelsonlab.local.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out web1.nelsonlab.local.crt -days 825 -sha256 -extfile web1.nelsonlab.local.ext

  4. #4
    Join Date
    Jun 2016
    Beans
    2,824
    Distro
    Xubuntu

    Re: need help with SSL

    Quote Originally Posted by npereira View Post
    created a CA root (server is pki.nelsonlab.local) which i loaded in the trusted root certificate of my windows 10 station
    What web browser are you using? Some browsers, such as Firefox or Chrome, use their own certificate stores independent of the OS store, so you would need to import your CA root certificate as an authority in your browser's settings.
    Xubuntu 22.04, ArchLinux ♦ System76 hardware, virt-manager/KVM, VirtualBox
    If your questions are resolved to your satisfaction, please use Thread Tools > "Mark this thread as solved..."

  5. #5
    Join Date
    May 2010
    Beans
    3,232

    Re: need help with SSL

    What OS is the client system?

  6. #6
    Join Date
    Oct 2010
    Beans
    11

    Re: need help with SSL

    im using edge and the root ca is there see attached
    Attached Images Attached Images

  7. #7
    Join Date
    Oct 2010
    Beans
    11

    Re: need help with SSL

    Windows 10 as mentioned in the original post

  8. #8
    Join Date
    May 2010
    Beans
    3,232

    Re: need help with SSL

    OK and does the cert file on y website have the root in it as well as the certificate from the CA?

  9. #9
    Join Date
    Oct 2010
    Beans
    11

    Re: need help with SSL

    here is the webserver cert
    Attached Images Attached Images

  10. #10
    Join Date
    Oct 2010
    Beans
    11

    Re: need help with SSL

    hmmm... I rebooted the station and now it's working....

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •