I all!



Maybe I'm too much novice on this, but I want to create a certificate for
each virtual host on my apache server (3 virtual hosts).

So I created my own CA, then one for each virtual host, like this:



Created the private CA and certificate:

openssl genrsa -out SSC_CA.key 1024

openssl req -new -key SSC_CA.key -out SSC_CA.csr

(then i have entered country, organization name, etc, with no
passphrase)

openssl x509 -req -days 365 -in SSC_CA.csr -out SSC_CA.crt -signkey
SSC_CA.key





Created for each server using the private CA:

openssl genrsa -out intra01.key 1024

openssl req -new -key intra01.key -out intra01.csr

(then i have entered country, organization name, etc, with no
passphrase)

openssl ca -in intra01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out
intra01.crt



openssl genrsa -out ssc01.key 1024

openssl req -new -key ssc01.key -out ssc01.csr

(then i have entered country, organization name, etc, with no
passphrase)

openssl ca -in ssc01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out
ssc01.crt



openssl genrsa -out sec01.key 1024

openssl req -new -key sec01.key -out sec01.csr

(then i have entered country, organization name, etc, with no
passphrase)

openssl ca -in sec01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out
sec01.crt





Then I configured each virtualhost on ssl.cnf with this lines (i copy

only this ones for not a very long e-mail):

SSLCertificateFile /usr/local/ssl/SSCCA/intra01.crt

SSLCertificateKeyFile /usr/local/ssl/SSCCA/intra01.key

SSLCACertificateFile /usr/local/ssl/SSCCA/SSC_CA.crt





It appears to be all ok, the appache starts with no problem, but when I try
to view the webpages firefox first tell me about the unknow certificate, i
add the exception, ok, then after adding the exception I get this error:





An error occurred during a connection to ssc01.dei.uc.pt.



SSL peer was unable to negotiate an acceptable set of security parameters.



(Error code: ssl_error_handshake_failure_alert)







Please tell me, what i have done wrong? Is there anything that I

fairly clear and I should understand in SSL and Certificates?





Thank you in advance!



David Carvalho