[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution -

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution

Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:

openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
 

How can you fix it and do it properly?

Step 1.) Make a new Private KeyCreate server pass key:

openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
Create private key
openssl rsa -passin pass:x -in server.pass.key -out server.key
remove server.pass.key (not needed after you have your private key)
rm server.pass.key

Step 2.) Generate your CSR

Use the newly created server.key (Private Key) to generate your CSR).

openssl req -new -key server.key -out server.csr

Step 3.) Create .CRT using your CSR

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

 


  • How to disable Google Fonts in Wordpress
  • Unable to load dynamic library /usr/lib64/php/modules/php_openssl
  • mysqld in Linux hacked
  • W: GPG error: http://archive.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9
  • cannot mount kvm ntfs image
  • h264 DVR security camera footage cannot be played
  • dhcpd.conf how to secure so only known and allowed clients will be given dhcpd IP address leases
  • Thunderbird E-mail List Blank White but e-mails still clickable and viewable
  • css responsive images
  • responsive table without changing much code solution
  • yum how to install old obsolete packages
  • PHP Howto Store Value of Included File Output Into Variable
  • PHP Migration from 5.3 to 5.4+ and dealing with deprecated functions
  • ffmpeg vidstab to stabilize video
  • userdel user userdel: cannot lock /etc/passwd; try again later.
  • mdadm how to mount inactive array
  • How to find and mount mdadm arrays automatically
  • M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua
  • [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Err
  • linux how to answer yes to copy