OK, I think I figured it out.  It really is what the error says (Imagine
that).  I made myself a CA, then made another certificate.  The other
certificate was exactly the same as the CA one.  

Now it works using ca.key and ca.crt.  However now I have two questions.

1)  Why can't you have two exact same certs?
2)  If they can't be the same, what has to be different?
.. (let me sneak in a third question)
3)  Is it safe to use the CA certs on a server?  Or should I use a
machine that is not used via ssl normally and then copy the other certs
over?
.. (one more :))
4)  Is there more documentation for these kinds of questions?  Did I
miss it in the man page?

Thanks everyone!
Ron


On Mon, 2003-06-02 at 15:48, Nauman, Ahmed [IT] wrote:
> Ronald,
> 
> The problem looks like your server SSL certificate does not have your
> server name, say www.yoursite.com, as CN="www.yoursite.com" in Subject
> Name. That is what both client and server sides are showing in
> messages and logs. Can you please confirm if this is correct?
> 
> Regards
> Nauman
> 
> -----Original Message-----
> From: Ronald Petty [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 02, 2003 4:40 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Erro Code: -8182
> 
> 
> I get the following error in my browser 
> 
> "Could not establish an encrypted connection because certificate
> presented by test.example.dom is invalid or corrupted.  Error Code: 
> -8182"
> 
> when I go to my server via https.  I looked in the archive and found
> black magic like
> 
>       "restart your browser"
> 
> I tried this spell, and alas, to no avail.  
> 
> This happened to me before and it worked by restarting the browser. 
> Needless to say I don't like the idea of people having to do that.  And
> better when I click on the ok button (even though it is really not ok) I
> get this in my logs
> 
> <hit my site via https and get the first error, this shows in the log>
> 
> 
> [02/Jun/2003 15:25:47 01074] [info]  Connection to child 5 established
> (server test.example.dom:443, client x.x.x.x)
> [02/Jun/2003 15:25:47 01074] [info]  Seeding PRNG with 1160 bytes of
> entropy
> 
> <BAM hit OK, then this shows up>
> 
> 
> [02/Jun/2003 15:29:12 01074] [error] SSL handshake failed (server
> test.example.dom:443, client x.x.x.x) (OpenSSL library error follows)
> [02/Jun/2003 15:29:12 01074] [error] OpenSSL: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint:
> Subject CN in certificate not server name or identical to CA!?]
> 
> 
> I have changed the client and the server name for my own security (don't
> know if it matters).  I heard that "CN in certificate not server name or
> identical to CA!?" means dns is messed up, however DNS is working fine
> for me (far as I can tell).  I can pop/ssh/http to the test.example.dom
> just fine.  (No, it's not set in my /etc/host)
> 
> Any idea at what I am doing wrong?  I have never done this before so
> please forgive my newbie ways.
> 
> Thanks
> Ron
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
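
A quick check for the two conditions named in the mod_ssl hint quoted above (subject CN not matching the server name, or subject identical to the CA's), as an added example that is not part of the original thread. The function names and the sample DNs are constructed for illustration; `check_cert_pair` assumes the `openssl` command-line tool and PEM files such as the `ca.crt` mentioned in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Sample DNs below are constructed.

# dn_cn DN: print the lower-cased CN of a one-line RFC 2253 subject such as
# "CN=test.example.dom,O=Example,C=US". Limitation: does not handle escaped
# commas (\,) inside attribute values.
dn_cn() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1 |
        tr 'A-Z' 'a-z'
}

# diagnose_dn SERVER_SUBJECT CA_SUBJECT HOSTNAME
# Prints one verdict and returns non-zero for either condition in the hint.
# Only the subject CN is inspected, because that is what the hint refers to.
diagnose_dn() {
    server_dn=$1
    ca_dn=$2
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ "$server_dn" = "$ca_dn" ]; then
        echo "identical-to-ca"      # server cert reuses the CA's subject
        return 1
    fi
    if [ "$(dn_cn "$server_dn")" != "$want" ]; then
        echo "cn-mismatch"          # CN is not the name clients connect to
        return 2
    fi
    echo "ok"
}

# check_cert_pair SERVER_CRT CA_CRT HOSTNAME: run the same check on PEM files.
check_cert_pair() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 3
    c=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253) || return 3
    s=${s#subject=}; s=${s# }       # older OpenSSL prints "subject= CN=..."
    c=${c#subject=}; c=${c# }
    diagnose_dn "$s" "$c" "$3"
}

# Constructed demo: a server certificate created with the CA's own subject.
SAMPLE_DN='CN=test.example.dom,O=Example,C=US'
diagnose_dn "$SAMPLE_DN" "$SAMPLE_DN" test.example.dom || true
```

On real files the call would be `check_cert_pair server.crt ca.crt test.example.dom`, where `server.crt` is an assumed file name.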
