"Ralf S. Engelschall" wrote:
> On Wed, Mar 10, 1999, glin wrote:
>
> > Seems to me, according to the message, the certificate is corrupted or
> > modified, or signed with a different private key from the ca's. Did you see
> > this msg in the server's log? Or in the browser?
Nothing appears in the log files but Netscape says: "The server's certificate has
an invalid signature. You will not be able to connect to this site securely."
> > >Hello Probably this question concerns the ssleay's work, but maybe someone
> > >here
> > can
> > >help me... When the sign.sh script verifies the certificate (ssleay verify
> > >-CAfile
> > ca.crt
> > >server.crt), the following error appears:
> > >
> > >error 7 at 0 depth lookup:certificate signature failure
> > >
> > >What could be wrong with certificate signature? And whoes one - ca.crt or
> > >server.crt? I did everything according to mod_ssl manual.
>
> BTW, the mod_ssl FAQ has some information how you can verify both whether the
> cert/key is ok on it's own and match each other.
I've checked it. The cert corresponds to its key.
I first thought that it could happen because I used the server key unencrypted or
because I left the challenge password blank. But then I tried encripted key and
supplied the challenge password while making CSR, but nothing were changed. BTW,
I entered all the fields in CA cert the same as in server CSR - could this be a
reason?
--
Anton Voronin | Ural Regional Center of FREEnet,
[EMAIL PROTECTED] | Southern Ural University, Chelyabinsk, Russia
http://www.urc.ac.ru/~anton | Programmer & System Administrator
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
