Problem:
An Unix Apache/mod-ssl server .crt/.key pair generated from a
CSR/KEY signed by a self generated CA Cert on 32 bit Windows
will not work with the Netscape 4.72 client running on Linux Redhat
6.2.
However the same CSR/KEY signed by the same self generated CA
Cert on Redhat 6.2 Linux will work. It will also work with the
Microsoft Explorer 5.50.4522.1800 running on Windows 98,
regardless of where the .crt/.key pair was generated.
The Netscape client fails with the brain dead message "OpenSSL:
error:14094412: SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate" in the apache log file.
It would appear that the Windows based OpenSSL ca program is
not consistant with the Unix based OpenSSL ca program.
Conditions:
Apache WWW server with mod-ssl (mod_ssl-2.7.1-1.3.14) running
on Linux Redhat 6.2.
Latest OpenSSL SNAP (same results with 0.9.6)
Netscape client 4.72 running on Linux Redhat 6.2
Microsoft Windows Explorer 5.50.4522.1800 on Windows 98
In all cases the .crt/.key pair is a 1024 bit RSA key.
The openssl.cnf file is identical on the Windows/Linux systems.
Has anyone else seen this behavior and have found a solution?
Ken
__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]