主题: iredadmin的CA证书出错,新问题
默认安装完毕iRedMail后,批量添加用户OK,进入WebMail访问OK,发送邮件OK,
但是访问https://192.168.100.2/iredadmin,出错,错误信息如下:
此网站的安全证书有问题。
此网站出具的安全证书不是由受信任的证书颁发机构颁发的。
此网站出具的安全证书是为其他网站地址颁发的。
安全证书问题可能显示试图欺骗您或截获您向服务器发送的数据。
建议关闭此网页,并且不要继续浏览该网站。
单击此处关闭该网页。
继续浏览此网站(不推荐)。
更多信息
如果通过单击链接到达此页面,请检查地址栏中的网站以确保该地址是您希望到达的页面。
转到如 https://example.com 等网站时,请尝试将 "www" 添加到地址中,变为 https://www.example.com。
如果选择忽略此错误并继续,请不要在网站中输入私人信息。
有关详细信息,请参阅 Internet Explorer 帮助中的“证书错误”。
根据论坛里的方式,修改/tmp/mail/iRedMail-0.7.0-beta3/tools/generate_ssl_keys.sh 文件为如下:
# SSL key.
export SSL_CERT_FILE="${ROOTDIR}/certs/iRedMail_CA.pem"
export SSL_KEY_FILE="${ROOTDIR}/private/iRedMail.key"
export TLS_COUNTRY='CN'
export TLS_STATE='ZheJiang'
export TLS_CITY='NingBo'
export TLS_COMPANY="${HOSTNAME}"
export TLS_DEPARTMENT='IT'
export TLS_HOSTNAME="${HOSTNAME}"
export TLS_ADMIN="root@${HOSTNAME}"
只改了CN,ZHEJIANG,NINGBO等三个位置。
sh generate_ssl_keys.sh 重新生成文件后,覆盖掉原来位置的文件
重新访问,还是老问题。
SSL错误日志如下:
tail -f /var/log/httpd/ssl_error_log
[Mon Mar 14 09:48:50 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 09:48:51 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 10:01:08 2011] [error] [client 192.168.100.200] File does not exist: /var/www/html/favicon.ico
[Mon Mar 14 10:32:07 2011] [error] [client 192.168.100.200] File does not exist: /var/www/roundcubemail/iredadmin
[Mon Mar 14 11:01:15 2011] [error] [client 192.168.100.200] File does not exist: /var/www/html/favicon.ico
[Mon Mar 14 11:13:36 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 11:13:39 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 11:55:50 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 11:55:50 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 12:02:00 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 12:02:03 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
老大给看看,啥个问题?