Hi,

I'm new to mod_ssl and am just trying to get something up and running
with a dummy server certificate for testing purposes. I'm running on
Windows NT 4, so I don't have the "make certificate" option available to
me.

I've followed the steps in Chapter 6 (FAQ List) of the mod_ssl manual to
create a server.key and server.crt:

D:\tmp>openssl genrsa -des3 -rand D:\WINNT\system32\MSHTML.DLL -out server.key
D:\tmp>openssl req -new -key server.key -out server.csr
D:\tmp>openssl genrsa -des3 -rand D:\WINNT\system32\MSHTML.DLL -out ca.key 1024
D:\tmp>openssl req -new -x509 -days 365 -key ca.key -out ca.crt
D:\tmp>perl sign.pl server.csr

where sign.pl is a Perl translation of the sign.sh program from the
pkg.contrib directory.

Unfortunately the final step above produces the following output when
verifying the server.crt:

CA verifying: 'server.crt' <-> CA cert:
server.crt: /C=UK/ST=BANES/L=Bath/O=Radan Computational Ltd/OU=Product Development [EMAIL PROTECTED]
error 18 at 0 depth lookup:self signed certificate
/C=UK/ST=BANES/L=Bath/O=Radan Computational Ltd/OU=Product Development Group/CN=[EMAIL PROTECTED]
error 7 at 0 depth lookup:certificate signature failure

Perhaps unsurprisingly given this, if I now start up Apache+mod_ssl using
this server.key and server.crt and then try to connect from a web client
(Communicator 4.7) I get the following pop-up error box:

 The server's certificate has an invalid signature.
 You will not be able to connect to this site securely.

I believe my httpd.conf is OK because if I replace these server.key and
server.crt with snakeoil-rsa.key and snakeoil-rsa.crt from the
pkg.sslcfg directory then I can successfully connect to the SSL server.

Any ideas on where I'm going wrong?

OS:
 MS Windows NT4 Workstation SP6
Versions:
 Apache 1.3.12
 mod_ssl 2.6.5
 OpenSSL 0.9.5a

TIA

Steve Hay


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
