hi all,
I had apache 1.3.1 with mod_ssl 2.0.5 with SSLeay 0.8.0
configured with a test certificate. It was working and
I tested it using IE4.0 from NT4.
Even though it complained about the certificate not secured,
I was able to view the certificate and the browser was
in secure mode.
After a couple of hours I tried checking again from Netscape
on Unix and I get a Error
"The server's certificate has an invalid signature"
I saw this in the ssl.log
[27/Aug/1998:16:15:33 -0400] CIPHER is EXP-RC4-MD5
[27/Aug/1998:16:15:34 -0400] CIPHER is EXP-RC4-MD5
[27/Aug/1998:17:32:51 -0400] CIPHER is EXP-RC4-MD5
[27/Aug/1998:17:32:52 -0400] CIPHER is EXP-RC4-MD5
[27/Aug/1998:17:34:13 -0400] CIPHER is EXP-RC4-MD5
[27/Aug/1998:17:34:14 -0400] CIPHER is EXP-RC4-MD5
[27/Aug/1998:23:19:24 -0400] CIPHER is RC4-MD5
[27/Aug/1998:23:39:14 -0400] CIPHER is RC4-SHA
[28/Aug/1998:00:06:18 -0400] CIPHER is RC4-MD5
[28/Aug/1998:00:14:48 -0400] CIPHER is RC4-MD5
[28/Aug/1998:00:14:56 -0400] CIPHER is RC4-MD5
Error.log contains:
[Thu Aug 27 16:14:58 1998] [info] mod_unique_id: using ip addr 127.0.0.1
[Thu Aug 27 16:14:58 1998] ssl_gcache started
[Thu Aug 27 16:14:59 1998] [notice] Apache/1.3.1 (Unix) mod_ssl/2.0.5
SSLeay/0.8.0 configured -- resuming normal operations
[Thu Aug 27 16:14:59 1998] [info] Server built: Aug 26 1998 13:54:24
[Thu Aug 27 19:16:41 1998] [error] mod_ssl: SSL_accept failed
[Thu Aug 27 19:16:41 1998] [error] SSLeay: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate
[Thu Aug 27 23:16:06 1998] [error] mod_ssl: SSL_accept failed
I created the certificates using the CA.sh script that comes with SSLeay.
I did verify that private key matches with its certificate using
ssleay x509 -noout -text -in server.cert
ssleay rsa -noout -text -in server.key
and verified the items
I am a newbie to this and would was elated that I finally got it working
after 3 days of headbanging... and then again ...
Anyway any help or pointers or more ifo is appreciated...
thanks in adv,
-Satya