Welcome to the new Linux Foundation Forum!

Lab 7.5 - Created Self Signed Certificate - Browser doesn't show it's secure

I followed the Lab 7.5 steps verbatim to create my own Self Signed Certificate on CentOS7. However, when I finish with the steps and restart the httpd service, I'm prompted for a pass phrase for localhost:443 (RSA).

When I open up Firefox, it shows "Not Secure" for the website.

Is there anything that I might have missed? How do I get the SSL cert to work?

Thanks

Comments

  • lee42xlee42x Posts: 103

    Most of the "newer" browsers consider self signed keys to be "insecure" and will prompt you. There should be an option in the browser pop-up to acknowledge the usage of a self signed key. As for the passphrase, yes if a passphrase is set the server will prompt for it on startup. We can remove the passphrase if desired.

  • Sorry, I should have clarified. It shows it as "Connection Not Encrypted". It says, "The website ipvhost.example.com does not support encryption for the page you are viewing".

  • Thanks for the tip, lee42. Looking at the logs for errors - I see [ssl:warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?).

    What does this mean? Is this wrong? How should I fix it?

  • lee42xlee42x Posts: 103

    That message is indicating a CA "Certificate Authority" (the signing authority) is being used as a server certificate. Please review the certification generation section for the lab.

Sign In or Register to comment.