In article <> you wrote:
> Data Base Updated
> CA verifying: server.crt <-> CA cert
> server.crt: /C=UK/ST=Scotland/L=Edinburgh/O=MIDS
> Europe/OU=Sysadmin/CN=John [EMAIL PROTECTED]
> error 7 at 0 depth lookup:certificate signature failure
Ok, as already said, first the CN is wrong. Use "www.yourdomain.dom" here.
Then perhaps you also used "John Pate" in the CA cert which can cause the
"signature failure" error. I advice you to use "make certificate TYPE=custom"
with the latest mod_ssl. Because there you get all-in-one: X.509 v3 certs with
CA flag, better hihts through default values, etc. And the signature and cert
modulus are compared automatically to make sure the generated certs are
correct.
> this comes from the ssl error log if I try to use that key--
> [Tue Oct 13 15:16:12 1998] [error] mod_ssl: Error reading SSL server
> certificate file /usr/local/apache/etc/ssl.key/server.key (SSLeay error
> follows)
> [Tue Oct 13 15:16:13 1998] [error] SSLeay: error:0906D06C:PEM
> routines:PEM_read_bio:no start line
The "no start line" means usually the PEM "----BEGIN CERTIFICATE---" Your
problem is obvious when you read the error message more carefully: "reading
... certificate ... server.key". You configured the server.key for
SSLCertificateFile. Use SSLCertificateKeyFile instead, please. When you use
APACI and "make certificate" this is all automatically and correctly setup for
you.
> PS. The really annoying thing is it works fine on my Linux Slackware 3.5
> machine at home!
Are you really sure? I think you have SSLCertificateKeyFile at home...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
