I'm having trouble getting a new SSL certificate installed. I created
the request with the same keygen.tcl file used to generate the
request for this service a year ago, but SSL is failing with the new
certificate/key combination. I get these two lines in the error log
for every request:

    Debug: nsssl: failed to decrypt secret session key
    Error: nsssl: ssl connection failed, bsafe error 524

I'm sure I'm using the 128-bit SSL module because the server log
contains

    Notice: nsssl: initialized with 128-bit domestic encryption

I tried using nsopenssl, but can't even get the server to start
with the new or old certificates. It dies with:

    Error: nsopenssl: error loading private key file "/web/tufte/oldkeys/keyfile.pem"

Things I've tried: (1) reinstalling the latest version of openssl,
(2) rebuilding nsopenssl 1.1c, (3) experimenting with file permissions
(644 and 600), (4) ensuring the keyfile doesn't have a passphrase in
it, and (5) ensuring that the files are really where AOLserver thinks
they are. None of these have worked.

Does anyone have experience in fixing either of these problems --
either (1) getting rid of "bsafe error 524" or (2) getting certificates
created for a keygen.tcl/nsssl request working with nsopenssl?

David
