Here is some more info. I have an external device, an ibutton (www.ibutton.com) that has worked fine with previous versions of OpenCA. If I have the ibutton attached, I get the invalid cert error. If I remove the ibutton, everything works. I know the solution is simple, stop using the ibutton. I even went back to the
openssl-0.9.7-stable-SNAP-20020520 version of openssl and same thing. Has anything major changed in the way a request is made that might be incompatable?
Ed Eden wrote: > netscape doesn't like ra cert. IE works through. > > Anyone else get this? > > > openca-0.9.1-RC7 > openssl-0.9.7-stable-SNAP-20021201 > > I put the ca cert and the ra cert generated by the "openca init" > initialization phase 1 and 3 into an apache web server. This has worked > with previous version by the way. I then try to access the RA web server > with netscape 4 and get "invalid cert" error. The apache logs have: > > [Tue Dec 3 12:03:55 2002] [error] mod_ssl: SSL handshake failed (server > bluera.rxxx.xxx.xxx:4443, client 11.11.11.11) (OpenSSL library error > follows) > [Tue Dec 3 12:03:55 2002] [error] OpenSSL: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN > in certificate not server name or identical to CA!?] Do you enter the correct servername? It sounds silly but bluera is not bluera.r*. All browsers support searchdomains for DNS but not all browsers support this feature in their certificate verification. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: Microsoft Visual Studio.NET comprehensive development tool, built to increase your productivity. Try a free online hosted session at: http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
