0

i finally got my certificate verified from a trusted CA. now, i have edited my etc/httpd/conf.d/ssl.conf to locate my new certificate.

i already included the ssl.conf in my etc/httpd/conf/httpd.conf.

i have setup my virtual host.

ServerName www.myhost.com.ph:80
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName www.myhost.com.ph
    DocumentRoot /home/host/public
    ServerAlias myhost.com.ph myhost.net
    DirectoryIndex index.html index.php

    <Directory "/home/host/public">
        AllowOverride FileInfo Limit Options Indexes
        Allow from all
        Options Indexes FollowSymLinks MultiViews
    </Directory>
    <Files ~ "^\.ht">
             Order allow,deny
             Deny from all
    </Files>
</VirtualHost>

and here's my ssl.conf file:

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost _default_:443>
    ServerName www.myhost.com.ph
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/myhost.com.ph.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.myhost.com.ph.key
    SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
</VirtualHost>

when i access my site in a web browser via my ip address (https://125.x.xx.xxx), i still Untrusted Connected error. Error code: ssl_error_bad_cert_domain

Have I misconfigured my server setup? What are the other things I have to add/setup in my ssl and apache config? Please help. Thanks in advance.

xian
  • 1
  • 1
  • 3
  • 2
    ssl certificate is for domain name not for IP, thats why you are getting that error, your configuration looks fine. – Toqeer Sep 13 '12 at 03:59
  • oh. thank you for the info @Toqeer. but when i confirm the security exception on my browser, the address bar should have a lock icon but i have seen none. – xian Sep 13 '12 at 04:13
  • Look for the log file for any error, what distro you are using? if its centos then default httpd log file in /var/log/httpd/error.log or may be /var/log/httpd/ssl_error_log. – Toqeer Sep 13 '12 at 04:28

1 Answers1

2

You need to access the https part of the site via the domain name for which you have the signed certificate, otherwise you'll always get such an error.

Logic Wreck
  • 1,420
  • 9
  • 8