RSA server certificate is a ca certificate (basicconstraints ca == true )
If your apache error log shows the following error: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?), how do you fix it?
If you see [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) in you apache error.log file means you have created a cert that is intended to be used to sign other certs, but you’re using that cert as your SSL cert.
How can we solve this problem?!
1. Generate private key and certificate signing request (type each line separately and execute in your terminal)
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 openssl rsa -passin pass:x -in server.pass.key -out server.key rm server.pass.key openssl req -new -key server.key -out server.csr
Note: when the openssl req command asks for a “challenge password”, just press return, leaving the password empty.
2. Generate SSL certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Thats it! Hope this helps