Re: [apache-ssl] SSLeay complains "bad ceritificate"

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] SSLeay complains "bad ceritificate"
From: "Ralf S. Engelschall" <rse@engelschall.com>
Date: Fri, 28 Aug 1998 10:23:41 +0200
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Organization: Engelschall, Germany.
Reply-To: apache-ssl@lists.aldigital.co.uk
Reply-To: rse@engelschall.com


In article <Pine.BSF.4.01.9808280030140.2369-100000@srv.kapmail.com> you wrote:

> I had apache 1.3.1 with mod_ssl 2.0.5 with SSLeay 0.8.0
> configured with a test certificate. It was working and
> I tested it using IE4.0 from NT4.
> Even though it complained about the certificate not secured,
> I was able to view the certificate and the browser was 
> in secure mode.

> After a couple of hours I tried checking again from Netscape 
> on Unix and I get a Error
> "The server's certificate has an invalid signature"

> I saw this in the ssl.log

> [27/Aug/1998:16:15:33 -0400] CIPHER is EXP-RC4-MD5
> [27/Aug/1998:16:15:34 -0400] CIPHER is EXP-RC4-MD5
> [27/Aug/1998:17:32:51 -0400] CIPHER is EXP-RC4-MD5
> [27/Aug/1998:17:32:52 -0400] CIPHER is EXP-RC4-MD5
> [27/Aug/1998:17:34:13 -0400] CIPHER is EXP-RC4-MD5
> [27/Aug/1998:17:34:14 -0400] CIPHER is EXP-RC4-MD5
> [27/Aug/1998:23:19:24 -0400] CIPHER is RC4-MD5
> [27/Aug/1998:23:39:14 -0400] CIPHER is RC4-SHA
> [28/Aug/1998:00:06:18 -0400] CIPHER is RC4-MD5
> [28/Aug/1998:00:14:48 -0400] CIPHER is RC4-MD5
> [28/Aug/1998:00:14:56 -0400] CIPHER is RC4-MD5

> Error.log contains:

> [Thu Aug 27 16:14:58 1998] [info] mod_unique_id: using ip addr 127.0.0.1
> [Thu Aug 27 16:14:58 1998] ssl_gcache started
> [Thu Aug 27 16:14:59 1998] [notice] Apache/1.3.1 (Unix) mod_ssl/2.0.5
> SSLeay/0.8.0 configured -- resuming normal operations
> [Thu Aug 27 16:14:59 1998] [info] Server built: Aug 26 1998 13:54:24
> [Thu Aug 27 19:16:41 1998] [error] mod_ssl: SSL_accept failed
> [Thu Aug 27 19:16:41 1998] [error] SSLeay: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> [Thu Aug 27 23:16:06 1998] [error] mod_ssl: SSL_accept failed

> I created the certificates using the CA.sh script that comes with SSLeay.

> I did verify that private key matches with its certificate using
> ssleay x509 -noout -text -in server.cert
> ssleay rsa -noout -text -in server.key
> and verified the items

> I am a newbie to this and would was elated that I finally got it working
> after 3 days of headbanging... and then again ...

> Anyway any help or pointers or more ifo is appreciated... 

Perhaps this is again the problem of an incorrect Subject name in the
certificate. Make sure the name is not your personal name. It has to be the
FQDN of your webserver.
                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

Follow-Ups:
- Re: [apache-ssl] SSLeay complains "bad ceritificate"
  - From: Satya Devireddy <satya@dspsoft.com>

Prev by Date: SSLeay complains "bad ceritificate"
Next by Date: Automatically selecting certificate
Prev by thread: SSLeay complains "bad ceritificate"
Next by thread: Re: [apache-ssl] SSLeay complains "bad ceritificate"
Index(es):
- Date
- Thread