0

I'm trying to add Self signed certificate on Squirrelmail (serat.16tkja.biz) on localhost, so it would not show NOT SECURED or Red HTTPS with a strikethrough. I have already created the certificate by following the tutorial in this site and import it to browsers (Chrome and Mozzila) but to no avail. The Certificate name is server.crt .

This is the configuration file from my /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
    ServerName serat.16tkja.biz
    ServerAlias www.serat.16tkja.biz
    DocumentRoot /usr/share/squirrelmail

    Redirect permanent /usr/share/squirrelmail  https://serat.16tkja.biz </VirtualHost>

this is the default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin webmaster@16tkja.biz
            ServerName serat.16tkja.biz
            DocumentRoot /usr/share/squirrelmail
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/server.crt
            SSLCertificateKeyFile /etc/apache2/ssl/server.key
            #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
            #SSLCACertificatePath /etc/ssl/certs/
            #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>

            BrowserMatch "MSIE [2-6]" \
                            nokeepalive ssl-unclean-shutdown \
                            downgrade-1.0 force-response-1.0
            # MSIE 7 and newer should be able to use keepalive
            BrowserMatch "MSIE [17-9]" \  ssl-unclean-shutdown

    </VirtualHost>

this is the /etc/squirrelmail/apache.conf

<VirtualHost *:80>
  DocumentRoot /usr/share/squirrelmail
 ServerName serat.16tkja.biz
 </VirtualHost>

The Certificate installed successfully, and it showed in the browser certificate list. Screenshot of Certificate

jww
  • 97,681
  • 90
  • 411
  • 885
Nakagawa Yuuki
  • 29
  • 5
  • ***`CN=www.example.com`*** is probably wrong. Hostnames always go in the *SAN*. If its present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) You will also need to place the self-signed certificate in the appropriate trust store. – jww Oct 03 '17 at 23:13
  • Thank you, i managed to make it green bar in the older browsers versions, but not the newest versions – Nakagawa Yuuki Oct 07 '17 at 11:00

0 Answers0