Hi all!

Maybe I'm too much of a novice at this, but I want to create a certificate for
each virtual host on my Apache server (3 virtual hosts).

So I created my own CA, then one for each virtual host, like this:

Created the private CA and certificate:

  openssl genrsa -out SSC_CA.key 1024

  openssl req -new -key SSC_CA.key -out SSC_CA.csr

     (then I entered country, organization name, etc., with no passphrase)

  openssl x509 -req -days 365 -in SSC_CA.csr -out SSC_CA.crt -signkey SSC_CA.key

Created for each server using the private CA:

  openssl genrsa -out intra01.key 1024

  openssl req -new -key intra01.key -out intra01.csr

     (then I entered country, organization name, etc., with no passphrase)

  openssl ca -in intra01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out intra01.crt

  openssl genrsa -out ssc01.key 1024

  openssl req -new -key ssc01.key -out ssc01.csr

     (then I entered country, organization name, etc., with no passphrase)

  openssl ca -in ssc01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out ssc01.crt

  openssl genrsa -out sec01.key 1024

  openssl req -new -key sec01.key -out sec01.csr

     (then I entered country, organization name, etc., with no passphrase)

  openssl ca -in sec01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out sec01.crt

Then I configured each virtual host in ssl.cnf with these lines (I copy
only these ones so the e-mail is not very long):

  SSLCertificateFile /usr/local/ssl/SSCCA/intra01.crt
  SSLCertificateKeyFile /usr/local/ssl/SSCCA/intra01.key
  SSLCACertificateFile /usr/local/ssl/SSCCA/SSC_CA.crt

It appears to be all OK, Apache starts with no problem, but when I try
to view the web pages Firefox first tells me about the unknown certificate. I
add the exception, OK, then after adding the exception I get this error:

An error occurred during a connection to ssc01.dei.uc.pt.

SSL peer was unable to negotiate an acceptable set of security parameters.

(Error code: ssl_error_handshake_failure_alert)

Please tell me, what have I done wrong? Is there anything that I
fairly clear and I should understand in SSL and Certificates?

Thank you in advance!

David Carvalho
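
Added example, not part of the original message: three checks that can be run on the files the steps above produce (key matches certificate, certificate chains to the private CA, subject names the virtual host). The function names, file names and host name are hypothetical; the throwaway sample is constructed with 2048-bit keys and signed with `openssl x509 -req -CA` instead of `openssl ca` so it needs no CA directory layout.

```shell
#!/bin/sh
# Added example: sanity checks for a server certificate signed by a private CA.
# All names below are constructed sample values, not taken from the message.

# SHA-256 over the public key found in a certificate / derived from a private key.
pubkey_hash_cert() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
pubkey_hash_key()  { openssl pkey -in "$1" -pubout | openssl sha256; }

# check_cert CERT KEY CA HOST -> 0 if all checks pass, else 1, 2 or 3
check_cert() {
    cert=$1 key=$2 ca=$3 host=$4
    # 1. SSLCertificateKeyFile must hold the key the certificate was issued for.
    [ "$(pubkey_hash_cert "$cert")" = "$(pubkey_hash_key "$key")" ] \
        || { echo "FAIL: $key does not match $cert"; return 1; }
    # 2. The certificate must verify against the private CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: $cert does not verify against $ca"; return 2; }
    # 3. The subject CN must name the virtual host the browser connects to.
    openssl x509 -in "$cert" -noout -subject | grep -q "CN *= *$host" \
        || { echo "FAIL: $cert is not issued for $host"; return 3; }
    echo "OK: $cert"
}

# Build a throwaway CA, one server certificate and one unrelated key in DIR.
make_sample() {
    dir=$1 host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/srv.crt" 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
}

# Demonstration on the constructed sample.
d=$(mktemp -d) && make_sample "$d" ssc01.example.test &&
    check_cert "$d/srv.crt" "$d/srv.key" "$d/ca.crt" ssc01.example.test
rm -rf "$d"
```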
