sslv3 alert bad certificate... Subject CN in certificate not server name

Tue, 16 Mar 1999 17:43:58 -0500 

Hello,

I am running apache 1.3.4, perl 500502, mod_perl 1.18, mod-ssl
2.2.4-1.3.4, openssl 0.9.1c on a challenge S running IRIX OS 6.5.2.

I was able to compile, and make, and start the Server and have verified
that both mod-ssl and mod-perl are running (under http). However the
certificate I made and signed as my own CA is not working. Here's what
my error_log says when I try https:

My error_log says
    mod_ssl: SSLhandshake failed (client 208.8.190.31, server
IRIS.ldr.com:443) (OpenSSL library error follows)
    OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate [Hint: Subject CN in certificate not server name!?]

I'm using a Netscape Communicator 4.5 on a Unix box. I get the message:
"The server's certificate has an invalid signature..."

Here's how I made the certificate. From apache source directory:
    %make certificate TYPE=custom CRT=/tmp/my_ca.crt

I've tried various renditions of this, with and without the KEY. I've
also tried NOT putting the email address in the DN, as I noticed that it
was added to the CN in the certificate.

I subsequently compared the certificate and key with following commands:

    % ssleay x509 -noout -modulus -in server.crt | ssleay md5
    % ssleay rsa -modulus -noout -text -in server.key | ssleay md5

And the modulus was the same.

I also ran following command to inspect the certificate:

    % ssleay x509 ?noout ?text ?in server.crt | more

I'm at a loss as to what to do here. However, I should say that although
I have OpenSSL 0.9.1c, I have been using ssleay instead of openssl -- as
I can't find openssl on my box. Ralf's website under the FAQ's page
shows examples using "openssl" -- but I can't find it and so have been
using "ssleay" -- I suppose they are the same utility?


Have I left anything out?

--
Richard Robinson
Web Administrator
Litho Development & Research
[EMAIL PROTECTED]
503-255-5800 x172


______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to