I examined the mailing list archives and saw some related discussion, but
no direct answer to the following questions. Apologies if this is a rehash
of former discussion, but I could not find any which covers this specific
question.
Last week, I was running apache 1.3.6 + mod_php 3.0.10 + mod_ssl 2.3.5. This
config ran fine for MSIE 4.x+ and Netscape browsers. The certificate is a
Thawte wildcard cert; i.e. *.blaze.net.au.
Then I upgraded to apache 1.3.9 + mod_php 3.0.12 + mod_ssl 2.4.5. Suddenly
both servers I use this wildcard certificate on failed to work with any
browser.
In addition to the startup warning I get about the certificate not matching
the canonical name of the current machine (which is different to the web
server name, which is a CNAME in the DNS), I also see the following.
[Mon Oct 18 21:48:12 1999] [error] mod_ssl: SSL handshake failed (client 203.17.53.132, server accounts.blaze.net.au:443) (OpenSSL library error follows)
[Mon Oct 18 21:48:12 1999] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name!?]
Now, I agree about the mismatch, but it appears that support for wildcard
certificates has been completely withdrawn? I already realise the
limitations of a wildcard CN, but this used to work fine, but now doesn't -
with the same browsers.
Is there an easy solution other than forking out another AU$300 for two new
certs?
Regards,
David