when i sign a csr with my own-CA key (i dont know if it's the good way ...) apache refuse to start could it be because it don't know this CA and refuse a false signed cert ???? the ssl log looks like that: [24/Jul/2001 16:02:25 00189] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch [24/Jul/2001 16:03:00 00224] [info] Server: Apache/1.3.20, Interface: mod_ssl/2.8.4, Library: OpenSSL/0.9.6a [24/Jul/2001 16:03:00 00224] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk! [24/Jul/2001 16:03:00 00224] [info] Init: 1st startup round (still not detached) [24/Jul/2001 16:03:00 00224] [info] Init: Initializing OpenSSL library [24/Jul/2001 16:03:00 00224] [info] Init: Loading certificate & private key of SSL-aware server bogus_host_without_reverse_dns:443 [24/Jul/2001 16:03:00 00224] [info] Init: Seeding PRNG with 136 bytes of entropy [24/Jul/2001 16:03:02 00224] [info] Init: Generating temporary RSA private keys (512/1024 bits) [24/Jul/2001 16:03:03 00224] [info] Init: Configuring temporary DH parameters (512/1024 bits) [24/Jul/2001 16:03:03 00224] [info] Init: Seeding PRNG with 136 bytes of entropy [24/Jul/2001 16:03:03 00224] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [24/Jul/2001 16:03:03 00224] [info] Init: Configuring temporary DH parameters (512/1024 bits) [24/Jul/2001 16:03:03 00224] [info] Init: Initializing (virtual) servers for SSL [24/Jul/2001 16:03:03 00224] [info] Init: Configuring server bogus_host_without_reverse_dns:443 for SSL protocol [24/Jul/2001 16:03:03 00224] [warn] Init: (bogus_host_without_reverse_dns:443) RSA server certificate CommonName (CN) `10.1.7.14' does NOT match server name!? [24/Jul/2001 16:03:03 00224] [error] Init: (bogus_host_without_reverse_dns:443) Unable to configure RSA server private key (OpenSSL library error follows) [24/Jul/2001 16:03:03 00224] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch any ID ?? thx ******************************************************************* L'integrite de ce message n'etant pas assuree sur internet, Natexis Banques Populaires ne peut etre tenu responsable de son contenu. Toute utilisation ou diffusion non autorisee est interdite. Si vous n'etes pas destinataire de ce message, merci de le detruire et d'avertir l'expediteur. The integrity of this message cannot be guaranteed on the Internet. Natexis Banques Populaires can not therefore be considered responsible for the contents. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender. ******************************************************************* ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
