RE: ssl no response

Wed, 30 Jan 2002 12:11:56 -0800 


 I've changed the conf now to see:

 <VirtualHost ssl.domain.net:443 >
     SSLEngine on
     SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
     SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key


     ServerAdmin [EMAIL PROTECTED]
     DocumentRoot /www/domain.net/ssl
     ServerName domain.net
     ErrorLog logs/443error_log
     CustomLog logs/443access_log common
     ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
     Group users
 <Directory /www/domain.net/ssl>
    AuthName "ssl"
    AuthType Basic
    AuthUserFile auth/.htpasswd
    Require user aodhan
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLRequireSSL
 </Directory>

 </VirtualHost>

 When I test (debug) it succedes to local host, but not to the actual
virtual host.

# openssl s_client -connect ssl.domain.net:443
-state -debug
connect: Connection refused
connect:errno=111
# openssl s_client -connect localhost:443 -state
-debug
CONNECTED(00000003)

 I have the listen 443 statment included, just inside Section 2:

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

 Looking into the ssl_engine_log, I see the following error:

[30/Jan/2002 13:13:26 28201] [warn]  Init: (saratoga.domain.net:443) RSA
server certificate CommonName (CN) `www.domain.net' does NOT match server
name!?
[30/Jan/2002 13:13:26 28201] [info]  Init: Configuring server
domain.net:443 for SSL protocol
[30/Jan/2002 13:13:26 28201] [warn]  Init: (domain.net:443) RSA server
certificate CommonName (CN) `www.domain.net' does NOT match server
name!?


-- 


   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

        Aodhan H.

        -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -
                   Ad Astra per Aspera
                          A Rough Road Leads To The Stars
        -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -

         Freedom is something you have, not something you're given.

   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]























					Reply via email to