Just a quick question, I'm kind of confused.
I've set up my own certification authority and I can create requests and sign them. But I'm not sure what I need to give to Apache. Currently I've got:
CA Private key
CA Certificate
Website Private key
Website Certificate
Website Certificate Request (I think I do not need it, but just to be clear)
Until today I was using a snakeoil certificate, but I've decided to have more SSL services, and then a CA looks like a good solution. My Apache was configured well, but now I am not sure what I shall provide to Apache in the following rules:
SSLCertificateKeyFile /path/to/Website Private Key
SSLCertificateFile /path/to/CA Certificate
But then I got:
[Mon Dec 27 12:09:33 2010] [warn] RSA server certificate CommonName (CN) `EServer' does NOT match server name!?
[Mon Dec 27 12:09:33 2010] [error] Unable to configure RSA server private key
[Mon Dec 27 12:09:33 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Something tells me that the warning is quite weird, because "EServer" is the common name of the CA, so I think I shall not use the CA Certificate in SSLCertificateFile, shall I?
Do I need to create a certificate from the Website private key or something else?
I think you just mixed up your CA cert and your website cert:
You have configured your website private key with your CA cert file. These two will not match.
Additional info:
You don't have to configure your CA private key file in your Apache, as it is not needed to verify your website cert file. It is just needed to sign new cert requests. But you have to ensure every client knows your CA cert file.
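
The mismatch discussed in this thread can be checked before Apache is restarted. The script below is an added example, not part of the original posts: it builds a throwaway CA and website certificate (the file names and the CN www.example.test are constructed) and compares public keys to show which certificate pairs with the website private key.

```shell
#!/bin/sh
# Added example: find out which certificate pairs with a private key.
# All file names and the site CN are constructed for this demo.

# Succeeds when the certificate ($1) carries the public key of the private key ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate ($2) verifies against the CA certificate ($1).
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA (CN EServer, as in the log above) and a site cert signed by it.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=EServer" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    for crt in ca.crt site.crt; do
        if cert_matches_key "$tmp/$crt" "$tmp/site.key"; then
            echo "$crt matches site.key -> SSLCertificateFile"
        else
            echo "$crt does not match site.key -> Apache reports key values mismatch"
        fi
    done
    issued_by "$tmp/ca.crt" "$tmp/site.crt" && echo "site.crt verifies against ca.crt"
    rm -rf "$tmp"
}

demo
```

The same `cert_matches_key` check can be run against the real files named in SSLCertificateFile and SSLCertificateKeyFile.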