<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>$B0BA4$J(B RedHat Apache $B%5!<%P$N9=C[J}K!(B: $B%H%i%V%k%7%e!<%F%#%s%0(B</TITLE>
 <LINK HREF="SSL-RedHat-HOWTO-6.html" REL=next>
 <LINK HREF="SSL-RedHat-HOWTO-4.html" REL=previous>
 <LINK HREF="SSL-RedHat-HOWTO.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="SSL-RedHat-HOWTO-6.html">$B<!$N%Z!<%8(B</A>
<A HREF="SSL-RedHat-HOWTO-4.html">$BA0$N%Z!<%8(B</A>
<A HREF="SSL-RedHat-HOWTO.html#toc5">$BL\<!$X(B</A>
<HR>
<H2><A NAME="s5">5. $B%H%i%V%k%7%e!<%F%#%s%0(B</A></H2>

<P>$BH/@8$7$&$k!"$"$j$,$A$JLdBj$r$$$/$D$+=q$$$F$*$-$^$9!#(B
<P>
<P>
<H2><A NAME="ss5.1">5.1 $B%5!<%P$O5/F0$7$?$h$&$K8+$($k$,!"%;%-%e%"%5%$%H$K%"%/%;%9$G$-$J$$(B</A>
</H2>

<P><CODE>error_log</CODE> $B%U%!%$%k$r%A%'%C%/$7$F$/$@$5$$!#%t%!!<%A%c%k%[%9%H$,(B
$B%(%i!<%m%0$r=q$/$h$&$K@_Dj$7$F$$$J$$$J$i!"9M$(D>$7$?J}$,$$$$$+$bCN$l$^$;$s!#(B
$BNc<($7$?(B SSL $B%t%!!<%A%c%k%[%9%H$O!"%(%i!<%m%0%U%!%$%k$K=PNO$7$^$9!#(B
$BB?J,!"(B2, 3 $B$N7Y9p$H!"%m%0$N:G8e$K%(%i!<$,$"$j!"4pK\E*$K$OHkL)80$,>ZL@=q$H(B
$B0lCW$7$J$$!"$H$$$&FbMF$G$7$g$&!#(B
<P>
<P>$BNc!'(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
[Tue Nov 21 09:09:02 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.1
OpenSSL/0.9.6 configured -- resuming normal operations
[Tue Nov 21 09:09:16 2000] [notice] caught SIGTERM, shutting down
[Tue Nov 21 14:39:54 2000] [notice] Apache/1.3.14 (Unix) mod_ssl/2.7.1
OpenSSL/0.9.6 configured -- resuming normal operations
[Tue Nov 21 14:40:31 2000] [notice] caught SIGTERM, shutting down
[Tue Nov 21 14:43:53 2000] [error] mod_ssl: Init: (esi.fin.equifax.com:443)
Unable to configure RSA server private key (OpenSSL library error follows)
[Tue Nov 21 14:43:53 2000] [error] OpenSSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>$B>e5-$N%(%i!<%a%C%;!<%8$rF@$?$J$i!"LdBj$O80$H>ZL@=q$,0lCW$7$J$$$3$H$G$9!#(B
$B%G%U%)%k%H$N(B <CODE>server.key</CODE>$B%U%!%$%k$r;H$C$F$$$J$$$3$H$r3NG'$7$F$/$@$5$$!#(B
$B$^$?!"(B<CODE>httpd.conf</CODE> $B%U%!%$%k$r%A%'%C%/$7$F!"%G%#%l%/%F%#%V$,@5$7$$HkL)80$H>ZL@=q$r;X$7$F$$$k$+$N3NG'$b$9$k$Y$-$G$9!#(B
<P>
<P>$B3NG'$N$?$a!"HkL)80$H>ZL@=q$N=q<0$,@53N$G!"$*8_$$$KBP$r$J$7$F$$$k$3$H$rD4$Y$k$3$H$b$G$-$^$9!#$3$N$?$a$K$O!"2<$N%3%^%s%I$r;H$C$FHkL)80$r%?!<%_%J%k%&%#%s%I%&$KI|9f2=$7!"JL$N%&%#%s%I%&$G>ZL@=q$rI|9f2=$7$F$/$@$5$$!#(B
$BHf3S$9$k$N$O!"80$=$l$>$l$N%b%8%e!<%k$H<BBN$G$9!#80$N%b%8%e!<%k$H<BBN$,>ZL@=q$N$=$l$H0lCW$9$k$J$i$P!"$=$N>ZL@=q$H80$,@5$7$/BP$K$J$C$F$$$k$H$$$($^$9!#(B
<P>
<P>If all else fails, create a new private key, CSR or self-signed
certificate.  Before you do this, check your CA's re-issue policy.  You may
be charged for a re-issue.
<P>
<P>To view the contents of the certificate:
<P>
<BLOCKQUOTE><CODE>
<PRE>
openssl x509 -noout -text -in filename.crt
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>To view the contents of the private key:
<P>
<BLOCKQUOTE><CODE>
<PRE>
openssl rsa -noout -text -in filename.key
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>
<H2><A NAME="ss5.2">5.2 Certificate Name Check Warning is issued by the client's browser</A>
</H2>

<P>The most common cause for this is omitting the "www" at the beginning of the
domain name when creating the CSR.  The name defined by the "ServerName"
directive for that virtual host must match the domain name presented by the
certificate exactly or the browser will let the client know.  The exception
is a wild card certificate.  A wild card certificate's domain name field
would look like *.somedomain.com.  This enables you to use one certificate
for any number of sub-domains of somedomain.com (e.g. host1.somedomain.com
and host2.somedomain.com).
<P>
<P>
<H2><A NAME="ss5.3">5.3 $B%/%i%$%"%s%H$N%V%i%&%6$K!">ZL@=q$,?.Mj$5$l$F$$$J$$>ZL@=qH/9T5!4X(B</A>
</H2>

<P>If you are using a self-signed certificate, you will get this warning.  Your
clients will be given the option to trust your certificate or not.  If you
have a CA signed certificate and are getting the untrusted warning, you
probably need to install their intermediate (root) certificate.
<P>
<P>
<H2><A NAME="ss5.4">5.4 SSLEngine on is an un-recognized command (Apache $B$N5/F0;~(B)</A>
</H2>

<P>$B$3$N%(%i!<%a%C%;!<%8$O!"(BApache $B$H0l=o$K(B ModSSL $B$r%3%s%Q%$%k$7$J$+$C$?>l9g$K(B
$BH/@8$7$^$9!#%t%!!<%A%c%k%[%9%H$G(B SSL $B$r;H$&$N$K!"JL$N%G%#%l%/%F%#%V$r;H$&(B
SSL $B%Q%C%1!<%8$b$"$j$^$9!#JL$N%G%#%l%/%F%#%V$r;H$&%Q%C%1!<%8$r;H$C$F$$$k>l9g(B
$B$3$N%(%i!<%a%C%;!<%8$r$^$?8+$k$3$H$K$J$j$^$9!#(B
<P>
<H2><A NAME="ss5.5">5.5 "PEM $B%Q%9%U%l!<%:(B" $B$rK:$l$F$7$^$$!"$I$&$d$C$F$=$l$r:F@_Dj$9$k$+CN$j$?$$!#(B</A>
</H2>

<P>$B$3$N%Q%9%U%l!<%:$r:F@_Dj$9$kJ}K!$O$"$j$^$;$s!#2r7h$9$k$K$O!"%Q%9%U%l!<%:$r21$($F(B
$B$*$/$+!"?7$7$$HkL)80$r:n@.$9$k$7$+$"$j$^$;$s!#$=$&$9$k$H!"?7$7$$>ZL@=q$r<hF@(B
$B$9$k$+!"?7$7$$<+=p>ZL@=q$r:n@.$9$kI,MW$,$G$F$/$k$G$7$g$&!#(B
<P>
<P>
<HR>
<A HREF="SSL-RedHat-HOWTO-6.html">$B<!$N%Z!<%8(B</A>
<A HREF="SSL-RedHat-HOWTO-4.html">$BA0$N%Z!<%8(B</A>
<A HREF="SSL-RedHat-HOWTO.html#toc5">$BL\<!$X(B</A>
</BODY>
</HTML>