On Wed, 11-05-2005 at 20:30 +0200, Maverick wrote:
> Hi,
>
> What's weird is that the https works in Konqueror (after importing the
> root ca), but not in firefox.

I'm not an expert, but reading some docs I found that there is an issue with the SSL libraries implemented in the different browsers.

> And if I autosign the request, everything works. It's only if I sign it
> with the cacert.
>
> I'm wondering if one of those points may be the cause:
>
> 1 the CA is a 4096 bytes key
> 2 When issuing the request I modify the subjectAltName
>   with two IP addresses and two DNS names, and the subject with
>   two CNs corresponding to the two DNS names
>
> Could this be a bad idea?
>
> Johnny Gonzalez wrote:
>
> >Hello Benoit,
> >
> >To issue the server certificate, you can use OpenCA's
> >interface, the third phase of the initialization
> >(Create the initial RA certificate), just follow the
> >steps, and in the fourth step (Handle the
> >certificate), after that, select to download the
> >certificate through mod_ssl and the certificate and
> >the private key will be shown on the screen in base64
> >format. Select each of them (certificate and private
> >key) and store them in separate files with the name
> >you want for them, then use them with apache as you
> >usually do.
> >
> >Hope this helps,
> >Johnny
> >
> > --- Benoit Plessis <[EMAIL PROTECTED]> wrote:
> >
> >>Hello,
> >>
> >>I'm tweaking with a simple OpenCA PKI and today
> >>something weird happened. I created a private key
> >>for the server using:
> >>openssl genrsa -des3 1024 > serv.key
> >>openssl req -new -key serv.key > serv.csr
> >>
> >>Then I send the request through the OpenCA public
> >>interface and sign it via the CA interface (same
> >>method used for our VPN boxes).
> >>
> >>After that I configure apache-ssl with the new cert
> >>and I test a page using openssl s_client, which says
> >>that there is an autosigned cert in the chain (my CA
> >>cert). Using wget everything is ok, but using firefox
> >>I got a 'certificate invalid or corrupt' message with
> >>an error code of -8101.
> >>
> >>Any idea?
> >>
> >>Regards,
> >>Benoit Plessis
> >>
> >>_______________________________________________
> >>Openca-Users mailing list
> >>[email protected]
> >>https://lists.sourceforge.net/lists/listinfo/openca-users
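The following shell functions are an added example, not part of the original thread or of OpenCA. They report the certificate properties the quoted message asks about: key size, number of subject CNs, subjectAltName entries, and whether the certificate chains to the CA. All function names, file names and the throwaway demo certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All function and file names are hypothetical.

# Public-key size in bits (the thread asks whether the CA key size matters).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# Number of commonName attributes in the subject (the thread used two).
cert_cn_count() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        grep -c '^ *commonName *=' || true
}

# subjectAltName entries, one per line ("DNS:..." or "IP Address:...").
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# Succeeds only if the certificate ($1) verifies against the CA file ($2).
cert_chain_ok() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample input: a throwaway CA and a server certificate with
# two CNs, two DNS names and two IP addresses (documentation ranges).
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -subj "/CN=Demo CA" -days 1 -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/srv.key" \
        -subj "/CN=a.example.test/CN=b.example.test" -out "$dir/srv.csr" 2>/dev/null
    printf 'subjectAltName=DNS:a.example.test,DNS:b.example.test,IP:192.0.2.10,IP:192.0.2.11\n' \
        > "$dir/san.ext"
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/srv.pem" 2>/dev/null
}

# Run as: sh cert_checks.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_demo_certs "$tmp"
    echo "key bits: $(cert_key_bits "$tmp/srv.pem")"
    echo "subject CNs: $(cert_cn_count "$tmp/srv.pem")"
    cert_san "$tmp/srv.pem"
    cert_chain_ok "$tmp/srv.pem" "$tmp/ca.pem" && echo "chain: OK" || echo "chain: FAILED"
    rm -rf "$tmp"
fi
```

Running the same functions against the CA certificate and the issued server certificate gives a side-by-side view of what each client is being asked to validate.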
