What do I need for SSL?
- by Ency
Hi guys, just a quick question, I'm kind of confused.
I've had set-up my own certification authority and I can create requests and signed them. But, I'm not sure, what I need to give to Apache, currently I've got:
CA Private key
CA Certificate
Website Private key
Website Certificate
Website Certificate Request (I think I do not need it, but just to be clear)
Until today I was using snakeoil certificate, but I've decided to have more SSL services, than CA looks as good solution, so my Apache was configured well, but now I am not sure what I shall provide to apache in following rules:
SSLCertificateKeyFile /path/to/Website Private Key
SSLCertificateFile /path/to/CA Certificate
But than I got
[Mon Dec 27 12:09:33 2010] [warn] RSA server certificate CommonName (CN) `EServer' does NOT match server name!?
[Mon Dec 27 12:09:33 2010] [error] Unable to configure RSA server private key
[Mon Dec 27 12:09:33 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Something tells me than the warning is quite weird, because "EServer" is a common name of CA, so I think I shall not use CA Certificate in SSLCertificateFile, shall I?
Do I need to create Certificate from Website private key or something else?