*sigh* Another thing that's overly sensitive to DNs. According to
SSLeay's internal documentation, those parameters may be optional. I
guess they really aren't.
That's exactly what the problem was. Thanks!
(on a side note, this also solves my problem of issuing certificates from
the Netscape Cert server on requests made through SSLeay).
On to the Kerberos problem...
Again, thanks for the help!
Wyman
On Wed, 29 Apr 1998, Ben Laurie wrote:
> Wyman Eric Miles wrote:
> >
> > I'm using Apache 1.2.6 and SSLeay 0.9.0 under Solaris. I've generated a
> > certificate for Apache using "make certificate" and configured everything.
> > The Web server starts without error but clients can't connect.
> >
> > The clients (Communicator 4.x) present the usual dialog boxes about secure
> > sites but never actually establish the connection. If I try again, I get
> > "the security library experienced an out of memory error. try connecting
> > again"
>
> This is often caused by not filling in all the fields in the cert. I've
> never looked at what gets logged, so this:
>
> > The Apache logs show:
> >
> > [Wed Apr 29 10:42:55 1998] Server configured -- resuming normal operations
> > [Wed Apr 29 10:43:17 1998] SSL_Accept failed
> > [Wed Apr 29 10:43:17 1998] error:14094412:SSL
> > routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> may not be inconsistent with that idea. Worth a try, anyway!
>
> Cheers,
>
> Ben.
>
> --
> Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
> Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org
> and Technical Director|Email: ben@algroup.co.uk |
> A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
> London, England. |"Apache: TDG" http://www.ora.com/catalog/apache
>
Wyman Miles
Systems Administrator, Systems and LAN Management, Rice University, Texas.
(713) 737-5827, e-mail:wymanm@rice.edu, pager:wymanm@pager.rice.edu
SalMoN AntiSpam software for UNIX: http://is.rice.edu/~wymanm/smn