http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21160

SSL certificate chain handling suddenly fails to work properly

           Summary: SSL certificate chain handling suddenly fails to work properly
           Product: Apache httpd-2.0
           Version: 2.0.45
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

There is as yet not much information here, I will have to try a few things first (next week, not today it's about 05:00).

But here is what happens:

Apache has been configured with three IP-based virtual servers on three different IP addresses. On each of these addresses, we have an SSL server, thus three SSL servers in total.

One with a self-signed root CA certificate
   ROOT->C1->SSL virtual host
Two with an 'official' CA certificate
   ROOT->C1->C2->SSL virtual host

Everything has been configured, Apache has been happily chugging along...

But then...

After a restart, Apache goes through the SSL virtual servers and asks the password for each of the three private keys (good).

After this, it fails (bad) with the following error in the error log:

"Failed to configure CA certificate chain!"

(Some additional info would have been of use, too)

The weird thing is that the configuration for SSL had not changed at all. Thus the production server was suddenly dead in the water w/o reason.

Also, each of the SSL virtual servers works if it is the only one in the config file. Certain pairs also work, but not all.

Finally, 'openssl verify' does not find anything amiss with the CA chains.

So, that's all for now. More to follow (hopefully).

What is this server:

Apache/2.0.45 + mod_ssl/2.0.45 + OpenSSL/0.9.7b on a RH7.3 OS with gcc-2.96-110 and glibc-2.2.5-39
