This is what i found out...
Once i start the apache.exe from commandline,
it asks for the passphrase for the private key.
I enter it and it says the server has started.
But it seems like it is not started. I had put
logtype=debug in httpd.conf and followed the trace
in the ssl_error_log. The trace shows that it asks
for the passphrase again even after entering it
once before.So i went ahead and entered my passphrase
again in commandline(even though it didnt ask for it)
and everything seems to work fine...I was able to
see the response.
I checked out with the openssl tool.
once you enter the passphrase first time, the s_client
module still seem to wait for server hello. When
i enter the passphrase again, i see all the messages
(server hello/certificate etc) in the opentool
output.
(...and now i know why my dummy cert worked fine,
because i didnt give a passphrase to protect
my private key for the dummy cert)
Thanks
Vijay
--- vijay karthik <[EMAIL PROTECTED]> wrote:
> Eventhough the openssl complains for the
> certificate, it doesnt seem to to mean
> much. Because i tried the same certificate on
> my Unix installation(same setup:apache/modssl/bsafe)
> it worked very fine. And still the openssl
> tool on unix complained. probably the error
> shown by the tool is not related to the
> problem i am seeing.
>
> The fact that the dummy certs work fine
> but not verisign certs should give some lead to
> which component the problem could lie in.
> (could it be in mod_ssl/openssl/bsafe patch?)
>
> Any guesses?
> thanks
> vijay
>
> --- vijay karthik <[EMAIL PROTECTED]> wrote:
> >
> > Hi !
> >
> > The apache server is working with the
> > dummy certs but not the verisign cert.
> >
> > I ran the command,
> > openssl verify <mycertificatename>
> >
> > i got the following error
> > verisign.crt:
> >
>
/C=US/ST=california/L=location/O=xyzInc/OU=test/CN=Mypc
> > .xyz.com
> > error 20 at 0 depth lookup:unable to get local
> > issuer
> > certificate
> >
> > I dont have any trust points installed on my
> apache
> > server(which i hope is not needed)
> >
> > Any idea on what the problem could be ?
> >
> > thanks
> > Vijay
> > --- vijay karthik <[EMAIL PROTECTED]> wrote:
> > >
> > > The httpd.conf was taken from unix and
> > > <Ifdefine SSL> was failing hence the
> > > modules were not getting loaded.
> > > I removed the IfDefine from httpd.conf.
> > > (thats the reason we give -DSSL in commandline
> > > to start httpd on Unix ?)
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Talk to your friends online with Yahoo! Messenger.
> > http://im.yahoo.com
> >
>
______________________________________________________________________
> > OpenSSL Project
> > http://www.openssl.org
> > Development Mailing List
> > [EMAIL PROTECTED]
> > Automated List Manager
> > [EMAIL PROTECTED]
> >
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
______________________________________________________________________
> OpenSSL Project
> http://www.openssl.org
> Development Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
> [EMAIL PROTECTED]
>
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
