It looks like the default CA certificate that comes with openssl has expired...
The solution to this is to generate your own CA and then generate and sign your server certificate using this own CA. If you have perl in your machine, try this url (although its meant for FreeBSD, it works just as well on Linux): http://www.freebsddiary.org/openssl-client-authentication.php Just follow the part until he generates the server certificate and insert this and the CA on httpd.conf. The second part he's actually admited to me is not the client certificate he was mentioning, but rather the server certificate. Regards Jose -----Original Message----- From: Zandi Patrick S TSgt AFRL/IFOSS [mailto:[EMAIL PROTECTED]] Sent: 07 October 2002 17:01 To: '[EMAIL PROTECTED]' Subject: RE: SSLCipherSuite ALL error OK, I think I narrowed this part down.. I am getting this on make certificate... Verify: matching certificate signature ../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil [EMAIL PROTECTED] error 10 at 1 depth lookup:certificate has expired Anyone ? -----Original Message----- From: Zandi Patrick S TSgt AFRL/IFOSS Sent: Monday, October 07, 2002 9:39 AM To: '[EMAIL PROTECTED]' Subject: SSLCipherSuite ALL error Hello , again.. I hate to be a pain here With ./apachectl startssl I am getting...... "../conf/httpd.conf" 1234 lines, 44355 characters 109 /apache/bin > ./apachectl startssl Syntax error on line 1085 of /apache/conf/httpd.conf: Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a module not included in the server configuration ./apachectl startssl: httpd could not be started ////Line 1085 says /// 1085 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
