Re: SSL received a record that exceeded the maximum permissible length
Yes, I imported the CA certificate in my browser. At this point, I don't know if there is a problem with the certificate or the setup of Apache. thanks, On Sat, Feb 20, 2010 at 10:13 PM, Stephen Powell wrote: > On Sat, 20 Feb 2010 21:14:36 -0500 (EST), Bernard Fay wrote: > > I create a CA certificate and site certificate according to > > http://www.debian-administration.org/articles/618. > > > > I set it up in Apache under Debian Lenny. > > > > When I try to access the site, I receive the following message: > > > > Secure Connection Failed > > An error occurred during a connection to www.kingstongrant.com. > > SSL received a record that exceeded the maximum permissible length. > > (Error code: ssl_error_rx_record_too_long) > > > > What could be wrong? Am I missing a module? I have the following > modules > > loaded in Apache. > > > > apache2ctl -M > > Loaded Modules: > > core_module (static) > > log_config_module (static) > > logio_module (static) > > mpm_prefork_module (static) > > http_module (static) > > so_module (static) > > alias_module (shared) > > auth_basic_module (shared) > > authn_file_module (shared) > > authz_default_module (shared) > > authz_groupfile_module (shared) > > authz_host_module (shared) > > authz_user_module (shared) > > autoindex_module (shared) > > cgi_module (shared) > > deflate_module (shared) > > dir_module (shared) > > env_module (shared) > > mime_module (shared) > > negotiation_module (shared) > > perl_module (shared) > > php5_module (shared) > > proxy_module (shared) > > proxy_http_module (shared) > > setenvif_module (shared) > > ssl_module (shared) > > status_module (shared) > > Syntax OK > > > > You say you created a CA certificate and a site certificate on your site. > Let's call that site A. So the web server on site A is using a site > certificate signed by a homemade CA certificate. Now you try to do > a secure SSL connection to site A from site B. But ... > > Does site B have that homemade CA certificate installed in its > repository of trusted CAs? If not, then it won't work. I'm not sure > about a "record length exceeded" error; but I do know that if site > B does not have the CA certificate that signed the site certificate > that site A's web server is using installed in its database of trusted > CAs that TLS negotiation will certainly fail. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > http://lists.debian.org/1018608095.13923661266721987968.javamail.r...@md01.wow.synacor.com > >
Re: SSL received a record that exceeded the maximum permissible length
On Sat, 20 Feb 2010 21:14:36 -0500 (EST), Bernard Fay wrote: > I create a CA certificate and site certificate according to > http://www.debian-administration.org/articles/618. > > I set it up in Apache under Debian Lenny. > > When I try to access the site, I receive the following message: > > Secure Connection Failed > An error occurred during a connection to www.kingstongrant.com. > SSL received a record that exceeded the maximum permissible length. > (Error code: ssl_error_rx_record_too_long) > > What could be wrong? Am I missing a module? I have the following modules > loaded in Apache. > > apache2ctl -M > Loaded Modules: > core_module (static) > log_config_module (static) > logio_module (static) > mpm_prefork_module (static) > http_module (static) > so_module (static) > alias_module (shared) > auth_basic_module (shared) > authn_file_module (shared) > authz_default_module (shared) > authz_groupfile_module (shared) > authz_host_module (shared) > authz_user_module (shared) > autoindex_module (shared) > cgi_module (shared) > deflate_module (shared) > dir_module (shared) > env_module (shared) > mime_module (shared) > negotiation_module (shared) > perl_module (shared) > php5_module (shared) > proxy_module (shared) > proxy_http_module (shared) > setenvif_module (shared) > ssl_module (shared) > status_module (shared) > Syntax OK > You say you created a CA certificate and a site certificate on your site. Let's call that site A. So the web server on site A is using a site certificate signed by a homemade CA certificate. Now you try to do a secure SSL connection to site A from site B. But ... Does site B have that homemade CA certificate installed in its repository of trusted CAs? If not, then it won't work. I'm not sure about a "record length exceeded" error; but I do know that if site B does not have the CA certificate that signed the site certificate that site A's web server is using installed in its database of trusted CAs that TLS negotiation will certainly fail. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1018608095.13923661266721987968.javamail.r...@md01.wow.synacor.com
SSL received a record that exceeded the maximum permissible length
Hi, I create a CA certificate and site certificate according to http://www.debian-administration.org/articles/618. I set it up in Apache under Debian Lenny. When I try to access the site, I receive the following message: Secure Connection Failed An error occurred during a connection to www.kingstongrant.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) What could be wrong? Am I missing a module? I have the following modules loaded in Apache. apache2ctl -M Loaded Modules: core_module (static) log_config_module (static) logio_module (static) mpm_prefork_module (static) http_module (static) so_module (static) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_default_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) mime_module (shared) negotiation_module (shared) perl_module (shared) php5_module (shared) proxy_module (shared) proxy_http_module (shared) setenvif_module (shared) ssl_module (shared) status_module (shared) Syntax OK Thanks, Bernard