RE: verify error:num=21

2003-04-04 Thread Austin Conger (IT) 
thanks, thats what it was!



-Original Message-
From: Mads Toftum [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 3:06 PM
To: [EMAIL PROTECTED]
Subject: Re: verify error:num=21


On Thu, Apr 03, 2003 at 02:52:17PM -0500, Austin Conger (IT) wrote:
 Hi All,
  
 When I submit this command to my Verisign Certificate Secured Site I am getting this 
 error.
  
 openssl s_client -connect www.domain.com:443
  
 Its returning these errors:
  
 CONNECTED(0004)
 depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at 
 www.verisign.com/rpa (c)00/CN=www.domain.com
 verify error:num=20:unable to get local issuer certificate
 verify return:1
 depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at 
 www.verisign.com/rpa (c)00/CN=www.domain.com
 verify error:num=27:certificate not trusted
 verify return:1
 depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at 
 www.verisign.com/rpa (c)00/CN=www.domain.com
 verify error:num=21:unable to verify the first certificate
 verify return:1
 etc
  
 Can anyone identify the reason as to why this is happening?  
  
Very simple really - openssl is telling you that it can't verify the
certificate because it does not know the CA that it was issued by.
Nothing strange or unexpected in that. Use one of the following to
enable verification:

 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 
By default openssl knows no CA's, so you need to get the CA cert
of the signer and use that.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Apache crashed if a SSL Engnie is on

2003-04-04 Thread Philipp Roos 
Hi!
I am activate in one of the virtual hosts the SSLEngine. (SSLEngine on)
then I start the apache
and get a: /usr/sbin/apachectl start: httpd could not be started
in the apache error log is just a: [notice] SIGHUP received.  Attempting to
restart
then there is no apache in the ps -aux list.

I have:
Server version: Apache/1.3.26 (Unix) Debian GNU/Linux
Server built:   Oct 26 2002 09:15:15

OpenSSL 0.9.6g 9 Aug 2002

the libapache-mod-ssl from debain
i don't know the version. i installed it with apt-get.

Some idear's?
thx for ever hint!

greetings Philipp

PS: if i don't activate the SSLEngine the server is running normaly
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: mod_ssl/2.8.13 and php AND Problem with 2.8.13 and Solaris 2.6

2003-04-04 Thread Jason Parsons 
I'm seeing similar problems after an upgrade to mod_ssl 2.8.13 under 
Solaris 2.8.

[Fri Mar 21 04:10:42 2003] [notice] child pid 4241 exit signal 
Segmentation Fault (11)
[Fri Mar 21 04:10:42 2003] [notice] child pid 4248 exit signal 
Segmentation Fault (11)
[Fri Mar 21 04:10:42 2003] [notice] child pid 4240 exit signal 
Segmentation Fault (11)

When accessing an https page using php.  http and php are fine.

Server: Apache/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_perl/1.27 
PHP/4.2.3 mod_ssl/2.8.13 OpenSSL/0.9.7

SunOS hostname 5.8 Generic_108528-19 sun4u sparc SUNW,UltraAX-i2

Let me know if there is any debugging info I can grab for you folks.

  - Jason Parsons
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]