I just had the same problem today. I fixed it but I dont know exactly what I did that made it work. I checked the hostname -f and it gave me an alias at first, try hostname -vf and lookfor h_name=`...'. Even if your using a vhost you should use your regular host name in the csr. Good Luck! Barry Hill wrote: > > Dear open-ssl experts! > > Iīve turned to the mailing list as I have a problem getting > openssl to work. Basically, I canīt get the server's > certificate signature to work. Apache fires up OK in non-ssl > mode, but the following errors occur in ssl mode: > > Netscape (Linux): "The serverīs certificate has an invalid > signature. You will not be able to connect to this site > securely". > > Opera Browser: "Transmission failure" > > I've enclosed the logs in the hope that someone will be able > to help! Please, itīs important! > > SSL_Engine_Log: > [info] Server: Apache/1.3.6, Interface: mod_ssl/2.3.5, Library: OpenSSL/0.9.3a > [info] Init: 1st startup round (still not detached) > [info] Init: Initializing OpenSSL library > [info] Init: Loading certificate & private key of SSL-aware server >box.company.de:443 > [info] Init: 2nd startup round (already detached) > [info] Init: Reinitializing OpenSSL library > [info] Session Cache Status: 0 elements > [info] Init: Seeding PRNG with 8 bytes of entropy > [info] Init: Generating temporary RSA private keys (512/1024 bits) > [info] Init: Configuring temporary DH parameters (512/1024 bits) > [info] Init: Initializing (virtual) servers for SSL > [info] Init: Configuring server box.company.de:443 for SSL protocol > [info] Connection to child 0 established (server box.company.de:443) > [error] SSL handshake failed (client 195.8.91.231, server box.company.de:443) >(OpenSSL library error foll > [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad >certificate [Hint: Subject CN in > certificate not server name!?] > > Apache error_log: > [Mon Jul 19 11:51:58 1999] [error] mod_ssl: SSL handshake failed (client 212.41... > [Mon Jul 19 11:51:58 1999] [error] OpenSSL: error:14094412:SSL >routines:SSL3_READ_BYTES:sslv3 alert bad > certificate [Hint: Subject CN in certificate not server name!?] > > BTW: the server name I entered when making the certificate is the output of >"hostname -f". > > I just can't see what's wrong... > > Barry > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
