#1103346 apache2: incorrect instructions for generating snakeoil for non-hostname

Package:
apache2
Source:
apache2
Description:
Apache HTTP Server
Submitter:
Martin-Éric Racine
Date:
2025-04-16 14:54:02 UTC
Severity:
normal
#1103346#5
Date:
2025-04-16 14:51:06 UTC
From:
To:
/usr/share/doc/apache2/README.Debian.gz states that:
------------------------------------------------------------------------------
        make-ssl-cert generate-default-snakeoil --force-overwrite

To create more certificates with different host names, you can use

        make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt
------------------------------------------------------------------------------

The second line generates a certificate that fails to pass Firefox's self-signed certificate error, while the first line has no --option to generate a snakeoil cert for a non-hostname virtual host (this host runs different services on different IP addresses and they resolve to a different hostname).

Martin-Éric