[lug] self-signed apache certs on fedora core?

D. Stimits stimits at comcast.net
Tue Sep 6 20:05:52 MDT 2005

Jeffrey Brown wrote:
>>>>stimits at comcast.net 9/6/2005 2:16:43 PM >>>
> Now I have a new question about self-signed certs used on machines that
> do not have reverse DNS lookup...e.g., if I access my apache server via
> https://localhost or https://some_name_in_etc_hosts, where locahost and
> some_name_in_etc_hosts is not visible to the outside world. Is it 
> possible to remove this error via a system configuration setting in 
> combination with a CommonName such as localhost or 
> << Response >>
> CommonName on certificate generation should correspond to an A record
> in DNS to avoid the error I believe your talking about. So if CN is
> www.mysite.com then pointing my browser to mysite.com will incur the
> error or myhost.mysite.com will incur the error etc. To get around this
> you'll have to get into some virtual IP hosting on Apache and of course
> have the IP addresses.

I see...I don't necessarily have to have a real world DNS lookup (though 
that would be simplest), but I need to "fake it" on a level beyond the 
/etc/hosts file. So I could use some sort of VPN feature to do this 
without running bind?

What I'm testing out are ways to set up an apache svn server that's 
accessible only to a few individuals via https. Trying to do this first 
means having non-snakeoil sample certs. This part is done, though I 
still hope to remove the non-matching name warning.

D. Stimits, stimits AT comcast DOT net

More information about the LUG mailing list