SSL with Hiawatha

Henry
17 July 2008, 15:52
I followed your instructions as outlined in the SSL howto section to generate the certificate with openssl and placed it in the Hiawatha conf directory, /etc/hiawatha. The binding sections of the httpd.conf file are as follows:
------------------------------------------------------------------
Binding {
Port = 80
Interface = 127.0.0.1
MaxKeepAlive = 30
TimeForRequest = 3,20
}

Binding {
# Port = 80
Port = 443
# Interface = ::1
# Interface = 127.0.0.1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
UseSSL = yes
}
ServerKey = /etc/hiawatha/serverkey.pem
----------------------------------------------------------
But when I invoke Firefox with https://localhost/index.html, I get the following message from the Firefox browser:
----------------------------------------------------------
Secure Connection Failed

localhost uses an invalid security certificate.

The certificate is not trusted because it is self signed.
The certificate is only valid for XTECH

(Error code: sec_error_untrusted_issuer)

* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

Or you can add an exception?
-----------------------------------------------------------------
Question 1)
Am I missing something obvious? What is the problem with the SSL certificate?

Question 2)
In the binding section for port 443, what does the line Interface = ::1 mean?
------------------------------------------------------------------

Thank you very much in advance. Your help is greatly appreciated. :-).

Hugo Leisink
17 July 2008, 17:14
Answer 1)
There is nothing wrong. Firefox is giving you a warning because you are using a self-signed SSL certificate, which most of the time indicates that the website is likely not to be trusted. For your own websites, you can of course make an exception.

If you don't understand what is going on, I advise you to read some articles about cryptography. Start here:
http://en.wikipedia.org/wiki/Public-key_cryptography
http://en.wikipedia.org/wiki/Self-signed_certificate

Answer 2)
::1 is the IPv6 version of 127.0.0.1 (localhost). If you don't use IPv6, you can delete that line.
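
The Firefox message quoted in the question reports two separate findings: the certificate is self-signed, and it is only valid for XTECH while the browser asked for localhost. The script below is an added example (not part of the original thread or of the Hiawatha howto) that generates throwaway self-signed certificates and checks both properties with the openssl command line. The temporary paths, the 365-day lifetime, the SAN list and the combined key-plus-certificate layout of serverkey.pem are assumptions.

```sh
#!/bin/sh
# Added example. Names, paths and lifetimes are constructed for illustration.

# make_cert DIR CN [SAN]: self-signed cert for CN, optional subjectAltName list.
# Writes DIR/key.pem, DIR/cert.pem and DIR/serverkey.pem (key followed by cert;
# the single-file layout for Hiawatha's ServerKey is an assumption).
make_cert() {
    mc_dir=$1; mc_cn=$2; mc_san=${3:-}
    if [ -n "$mc_san" ]; then
        set -- -addext "subjectAltName=$mc_san"   # needs OpenSSL 1.1.1 or later
    else
        set --
    fi
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$mc_cn" "$@" \
        -keyout "$mc_dir/key.pem" -out "$mc_dir/cert.pem" 2>/dev/null || return 1
    ( umask 077; cat "$mc_dir/key.pem" "$mc_dir/cert.pem" > "$mc_dir/serverkey.pem" )
}

# True when issuer and subject are the same name, which is what the browser
# reports as "self signed" for a certificate made with `openssl req -x509`.
is_self_signed() {
    ss_subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    ss_iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$ss_subj" ] && [ "$ss_subj" = "$ss_iss" ]
}

# True when openssl accepts host name $2 for the certificate in file $1
# (SAN entries are used when present, otherwise the CN).
matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# report FILE HOST: one line per finding, mirroring the two browser complaints.
report() {
    if is_self_signed "$1"; then echo "self-signed: yes"; else echo "self-signed: no"; fi
    if matches_host "$1" "$2"; then echo "valid for $2: yes"; else echo "valid for $2: no"; fi
}

demo=$(mktemp -d) && mkdir "$demo/a" "$demo/b"
make_cert "$demo/a" XTECH                                # name from the Firefox message
make_cert "$demo/b" XTECH "DNS:localhost,IP:127.0.0.1"   # same CN, local names added
report "$demo/a/cert.pem" localhost
report "$demo/b/cert.pem" localhost
rm -rf "$demo"
```

Both certificates remain self-signed, so the browser exception mentioned in the answer is still needed; only the second one is also valid for localhost.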

Henry
17 July 2008, 17:31
Thank you, I understand what's going on with the certificate now. Thanks for the helpful links. :-).

This topic has been closed.