and with explorer too. Hello out there,
[EMAIL PROTECTED] said:
> had exactly the same problem when I compile my new Apache server (2.2.0)
> with mod_ssl. To be short, I think you are using the packaged OpenSSL. I
> fixed the problem by re-compiling the OpenSSL on the system with shared
> option, but first remove the pre-installed OpenSSL package.
I've got the same problem. I compiled openssl-0.9.8a with Sun Forte Studio 10.
doesn't matter, problem remains.
For the record. Created our own root-CA, signed it by himself,
Created server-certificate and signed it by the just created root-CA.
Loaded the root-CA into firefox/explorer and configured apache with the
server-certificate without errors.
firefox and explorer complain with unknown error, when initiated https-request.
On command-line, I've verified the certificate with
openssl verify -issuer_checks -CApath /var/opt/openssl
/etc/opt/apache2/ssl.crt/server.crt
which results in
error 29 at 0 depth lookup:subject issuer mismatch
That seems the main problem.
Perhaps the creation of our root-CA/server-cert
process isn't correct. Or 0.9.8a isn't as tolerant as 0.9.7.
(we followed the same procedure, as with 0.9.7 a year ago.) So it's an
openssl-problem.
The web suggestes, that organisation-name of certificate and root-CA should be
different in each/all parts of the name. But I'm a little bit unwilling to
accept this argument, because it's unresonable to me. One difference should be
sufficient. That the case in our process.
Thanks for commenting
Klaus
--
"Sure, vi is user friendly.
It's just particular about who it makes friends with." ;-)
_________________________
Klaus Elsbernd; System Administrator, BOFH | [EMAIL PROTECTED]
Deutsches Forschungsz. für Künstliche Intelligenz | DFKI GmbH, Geb. 57/285
67657 Kaiserslautern; Germany Fernruf: 0631/205-3486 Fernbild: -3457
pgp4W6mgZpFRg.pgp
Description: PGP signature
