Re: Just a couple of questions about Global Server IDs

[Winged Wolf]

On Thu, 16 Dec 1999 [EMAIL PROTECTED] wrote:

> 1) Verisign's buying process is completely web based. In order to buy a
> Global Server ID one need to fill several web based forms. One of the first
> things that need to be specified is the web platform. Since Apache/ModSSL
> is not officially supported by Verisign, it is not listed in the web form.
> Do you know which platform should be specified in order to receive a Global
> Server ID that will work with Apache/ModSSL?

Select 'Stronghold', or 'Apache/Stronghold'.  (This is covered in the
FAQ for mod_ssl and OpenSSL.)

> 2) At present I set up a platform based on the following products:
> 
>      apache rel. 1.3.9
>      mod_ssl rel. 2.4.6-1.3.9
>      openssl rel. 0.9.4
> 
> This platform is working just fine with 40 bit certs. A couple of days ago
> I tried to verify a Global Server ID issued for a Micrsoft IIS platform (I
> used the "openssl verify" command) and I got the following error message:
> 
>      [EMAIL PROTECTED]:: ->openssl verify /tmp/global.txt
>      /tmp/global.txt: unable to load certificate file
>      22434:error:0D0A2007:asn1 encoding routines:d2i_X509_CINF:expecting an
>      asn1 sequence:x_cinf.c:106:address=1107018 offset=0
>      22434:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1
>      error:x_x509.c:99:address=1107016 offset=2
>      22434:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> lib:pem_lib.c:239:
> 
> This looks particularly bad to me because it has to do with the ASN syntax
> of the certificate. I believe there are only two possible explanations:
> 
>      1) Global Server IDs issued for Microsoft IIS platform ARE NOT
> standard
>      2) OpenSSL rel. 0.9.4 does not support Global Server IDs (if this is
> true, then my  apache based platform will not support them either....)

Try -inform der.  It could also have to do with CR/CR-LF conversion (or
lack thereof) in the file.  I haven't dealt specifically with GSIDs for
IIS, so I do not know.  (Since a certificate is useless without the
private key that goes with it, you may be able to post it so we can take a
look at it.)

---
Mat Butler, Winged Wolf                       <[EMAIL PROTECTED]>
SPASTIC Web Engineer                  SPASTIC Server Administrator


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]