OpenSSL experts,

I am running Apache 1.3.12 on an AIX4.3 system. I installed the mod_ssl
along with openssl according to the Apache instructions. The dummy
certificates work fine after doing a make certificate. Naturally, I wanted
my own self authorized certificates. So I followed the mod_ssl
instructions. At first it appeared it was working, but when I came in the
next day I discovered that nearly all of my computers except for one could
not connect to a secure https link. The Apache error_log reports:

[Thu Sep 28 11:14:50 2000] [error] mod_ssl: SSL handshake failed (server beloit.edu:443, client 144.89.40.43) (OpenSSL library error follows)
[Thu Sep 28 11:14:50 2000] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]

I should also mention that I did get errors when trying to sign the 
server.csr file to create the server.crt file:

# ./sign.sh server.csr
CA signing: server.csr -> server.crt:
Using configuration from ca.config
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'Wisconsin'
localityName          :PRINTABLE:'Beloit'
organizationName      :PRINTABLE:'Beloit College'
organizationalUnitName:PRINTABLE:'ITS'
commonName            :PRINTABLE:'beloit.edu'
emailAddress          :IA5STRING:'[EMAIL PROTECTED]'
Certificate is to be certified until Sep 28 16:01:16 2001 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=US/ST=Wisconsin/L=Beloit/O=Beloit College/OU=ITS/CN=beloit.edu/Em[EMAIL PROTECTED]
error 18 at 0 depth lookup:self signed certificate
/C=US/ST=Wisconsin/L=Beloit/O=Beloit College/OU=ITS/CN=beloit.edu/Email=webadmin@beloit.edu
error 7 at 0 depth lookup:certificate signature failure

Can anyone tell me what I might be doing wrong or give me any 
suggestions?  Why did it work at first at least with some clients, but fail 
today?  -Thanks!

Tim
Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
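
The hint in the error_log above names two conditions: the certificate's CN not matching the server name, or its subject being identical to the CA's. As an added example (not part of the original message or of mod_ssl's sign.sh), this shell function tests both with the openssl command line and then verifies the certificate against the CA; the function names are made up here, the file and host names are arguments supplied by the caller, and -checkhost assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example (not from the original post or from mod_ssl's sign.sh).
# check_server_cert and dn are hypothetical helper names.

# Print one DN (-subject or -issuer) of a PEM certificate in RFC 2253 form.
dn() {
    openssl x509 -noout -nameopt RFC2253 "$1" -in "$2" | sed 's/^[a-z]*= *//'
}

# Usage: check_server_cert CA_CERT SERVER_CERT HOSTNAME
# Prints one finding per line; returns 0 if all checks pass, 1 if any fails,
# 2 if a certificate file cannot be parsed.
check_server_cert() {
    ca=$1 crt=$2 host=$3 rc=0
    for f in "$ca" "$crt"; do
        openssl x509 -noout -in "$f" 2>/dev/null ||
            { echo "ERROR: cannot parse $f"; return 2; }
    done
    # Hint, second half: server subject "identical to CA".
    if [ "$(dn -subject "$crt")" = "$(dn -subject "$ca")" ]; then
        echo "FAIL: server subject DN is identical to the CA subject DN"; rc=1
    fi
    # A subject equal to the issuer makes the certificate look self-signed.
    if [ "$(dn -subject "$crt")" = "$(dn -issuer "$crt")" ]; then
        echo "FAIL: subject equals issuer, certificate looks self-signed"; rc=1
    fi
    # Hint, first half: CN (or subjectAltName) must match the server name.
    if ! openssl x509 -noout -checkhost "$host" -in "$crt" |
            grep -q 'does match'; then
        echo "FAIL: certificate does not match host name $host"; rc=1
    fi
    # Signature and chain check against the CA certificate.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: openssl verify rejects the certificate against the CA"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $crt chains to $ca and matches $host"
    return "$rc"
}

# Run as a script: sh check.sh CA_CERT SERVER_CERT HOSTNAME
if [ "$#" -eq 3 ]; then check_server_cert "$@"; fi
```

Giving the CA certificate and the server certificate different subject DNs (for example a distinct Organizational Unit or Common Name for the CA) is what makes the first two checks pass.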
