RSA server certificate is a CA certificate Error

brucew98's picture

Hi. When I look in my Apache error log, I am seeing the following error:

RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

They seem to happen around the time I try accessing my home server from work. I never get through from work and usually get a server not found error. I am using the LAMP installation in a virtual machine. How do I fix this error though?

Jeremy Davis's picture

Can't say I've come across that, although I haven't combed my apache logs either. Is it an error or just a warning or even perhaps just info? Not all 'errors' are issues that you need to resolve, The problem you are having may relate to something else completely

the answer's picture

It depends how you create the SSL cert. If you follow the advice on this website:

http://www.onlamp.com/2008/03/04/step-by-step-configuring-ssl-under-apac...

Then you will see the warning message above in your apache error.log file.

However, if you create the cert this way: https://devcenter.heroku.com/articles/ssl-certificate-self

Then the error message will be gone.

Essentially the error message means you have created a cert that is intended to be used to sign other certs, but you're using that cert as your SSL cert.

Dave M's picture

First I was getting the OP's error about a CA certificate. I tried the link from "hope this helps" and now I get the dreaded "Init: Private key not found." I've been trying to get this thing going for two days now and ready to pull my hair out.

Post new comment