Apache2 + OpenSSL, Certificate CA

Question

I've created the self-signed server certificate, the private server key and the Certificate Authority's own certificate using the below commands.

openssl genrsa -out ca.key 2048
openssl req -config openssl.cnf -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -out server.key 2048
openssl req -config openssl.cnf -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

I've then added them to httpd-ssl.conf using the below.

SSLCertificateFile "C:/Apache2/conf/server.crt"
SSLCertificateKeyFile "C:/Apache2/conf/server.key"
SSLCertificateChainFile "C:/Apache2/conf/ca.crt"

However when visiting https://localhost I get:-

Secure Connection Failed An error occurred during a connection to localhost. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. * Please contact the web site owners to inform them of this problem.

Any ideas anyone?

Thanks

Normal untrusted error localhost uses an invalid security certificate. The certificate is not trusted because it is self signed.

My CA certificate error An error occurred during a connection to localhost. Peer's certificate has an invalid signature.

Answer 1

Try re-generating your certificate this way:

openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr

Then, remove the passphrase from the server certificate for avoiding Apache asking you the password everytime you restart it:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

And then, generate your self-signed certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

After, just specify SSLCertificateFile and SSLCertificateKeyFile to use your new certificate.