On Thu, 16 Dec 1999 [EMAIL PROTECTED] wrote:
> 1) Verisign's buying process is completely web based. In order to buy a
> Global Server ID one need to fill several web based forms. One of the first
> things that need to be specified is the web platform. Since Apache/ModSSL
> is not officially supported by Verisign, it is not listed in the web form.
> Do you know which platform should be specified in order to receive a Global
> Server ID that will work with Apache/ModSSL?
Select 'Stronghold', or 'Apache/Stronghold'. (This is covered in the
FAQ for mod_ssl and OpenSSL.)
> 2) At present I set up a platform based on the following products:
>
> apache rel. 1.3.9
> mod_ssl rel. 2.4.6-1.3.9
> openssl rel. 0.9.4
>
> This platform is working just fine with 40 bit certs. A couple of days ago
> I tried to verify a Global Server ID issued for a Micrsoft IIS platform (I
> used the "openssl verify" command) and I got the following error message:
>
> [EMAIL PROTECTED]:: ->openssl verify /tmp/global.txt
> /tmp/global.txt: unable to load certificate file
> 22434:error:0D0A2007:asn1 encoding routines:d2i_X509_CINF:expecting an
> asn1 sequence:x_cinf.c:106:address=1107018 offset=0
> 22434:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1
> error:x_x509.c:99:address=1107016 offset=2
> 22434:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> lib:pem_lib.c:239:
>
> This looks particularly bad to me because it has to do with the ASN syntax
> of the certificate. I believe there are only two possible explanations:
>
> 1) Global Server IDs issued for Microsoft IIS platform ARE NOT
> standard
> 2) OpenSSL rel. 0.9.4 does not support Global Server IDs (if this is
> true, then my apache based platform will not support them either....)
Try -inform der. It could also have to do with CR/CR-LF conversion (or
lack thereof) in the file. I haven't dealt specifically with GSIDs for
IIS, so I do not know. (Since a certificate is useless without the
private key that goes with it, you may be able to post it so we can take a
look at it.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]