RE: SSL handshake failure URGENT
> I use Linux RedHat 7, but it seems that SSL options was not taken in > account with default launching of httpd (with httpd start) so I made > first some modifications of httpd conf (specially putting on comment > the > tags to make it taken in account, and made some > mistakes > maybe cause httpd will not launch now :-) On Redhat 7.0 you didn't have to use my apache-mod_ssl since you allready have a apache built with mod_ssl. May be only to install mod_ssl. > I (true)hope so that the packages I download from your site are the > good > ones (tomcat-3.2.2-1.noarch.rpm and > apache-mod_ssl-1.3.20.2.8.4-2.i386.rpm) even if I was surprised that > apache-mod_ssl-1.3.19.2.8.3-1.i386.rpm was bigger (1.6M) than the next > version apache-mod_ssl-1.3.20.2.8.4-2.i386.rpm (879k) > > I will give you wedensday the next episod of my > SSL/Linux/tomcat/apache > adventure. > > > PS: Did you have a Linux boxes, I've packaged easy to use > > RPM which will let you install apache-mod_ssl, tomcat and > > mod_jk in less than 30 mins > > > > http://www.falsehope.com/ftp-site/home/gomez/apache-mod_ssl/ > > http://www.falsehope.com/ftp-site/home/gomez/tomcat/ > > > > Redhat 7.0/7.1 users allready have a Apache using mod_ssl > > > > - > > Henri Gomez ___[_] > > EMAIL : [EMAIL PROTECTED](. .) > > PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > > PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > > > > > > > >-Original Message- > > >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > > >Sent: Monday, June 18, 2001 11:41 AM > > >To: [EMAIL PROTECTED] > > >Subject: RE: SSL handshake failure URGENT > > > > > > > > >I would try to do that following a document you wrote about > > >SSL via apache, but I was a little lost in your indication > > >(for example some Jk... directives are not recognized, > > >[JkExtractSSL, ...] ) and I don't have a mod_jk.so module to load) > > > > > >> Could you try the server cert on apache/SSL or Apache-mod_ssl > > >> and see if it works ? 
> > >> > > >> > > >> > > >> - > > >> Henri Gomez ___[_] > > >> EMAIL : [EMAIL PROTECTED] (. .) > > >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > > >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > >> > > >> > > >> > > >> >-Original Message- > > >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > > >> >Sent: Monday, June 18, 2001 10:05 AM > > >> >To: [EMAIL PROTECTED] > > >> >Subject: RE: SSL handshake failure URGENT > > >> > > > >> > > > >> > > > >> >Of sure, there it is. > > >> > > > >> > > > >> >> Could you retry with openssl s_client in full debug mode ? > > >> >> > > >> >> - > > >> >> Henri Gomez ___[_] > > >> >> EMAIL : [EMAIL PROTECTED](. .) > > >> >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > > >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > >> >> > > >> >> > > >> >> > > >> >> >-Original Message- > > >> >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > > >> >> >Sent: Friday, June 15, 2001 12:21 PM > > >> >> >To: [EMAIL PROTECTED] > > >> >> >Subject: RE: SSL handshake failure URGENT > > >> >> > > > >> >> > > > >> >> >So, every seems to be well configured, but I always get this > > >> >> >handshake error, what could be the problem in that case ? > > >> >> > > > >> >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem > > >> >> >-key cl_key.pem -state > > >> >> >Enter PEM pass phrase: > > >> >> >CONNECTED(0003) > > >> >> >SSL_connect:before/connect initialization > > >> >> >SSL_connect:SSLv2/v3 write client hello A > > >> >> >SSL3 alert read:fatal:handshake failure > > >> >> >SSL_connect:error in SSLv2/v3 read server hello A > > >>
RE: SSL handshake failure URGENT
The rpm installation of apache (1.3.20) failed cause it claims openssl >= 0.9.6 (that I installed) and cause there are a lot of conflicts with previous version of apache (1.3.12) I am not a big afficionados of Linux fine configuration and tuning but I am compelled to work on this plateform. Do you have a magic (rpm or not) package that I just may click on to auto configurate and update the components I already have ? > PS: Did you have a Linux boxes, I've packaged easy to use > RPM which will let you install apache-mod_ssl, tomcat and > mod_jk in less than 30 mins > http://www.falsehope.com/ftp-site/home/gomez/apache-mod_ssl/ > http://www.falsehope.com/ftp-site/home/gomez/tomcat/ > > Redhat 7.0/7.1 users allready have a Apache using mod_ssl > > - > Henri Gomez ___[_] > EMAIL : [EMAIL PROTECTED](. .) > PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > > > >-Original Message- > >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >Sent: Monday, June 18, 2001 11:41 AM > >To: [EMAIL PROTECTED] > >Subject: RE: SSL handshake failure URGENT > > > > > >I would try to do that following a document you wrote about > >SSL via apache, but I was a little lost in your indication > >(for example some Jk... directives are not recognized, > >[JkExtractSSL, ...] ) and I don't have a mod_jk.so module to load) > > > >> Could you try the server cert on apache/SSL or Apache-mod_ssl > >> and see if it works ? > >> > >> > >> > >> - > >> Henri Gomez ___[_] > >> EMAIL : [EMAIL PROTECTED](. .) > >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > >> > >> > >> > >> >-Original Message- > >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >> >Sent: Monday, June 18, 2001 10:05 AM > >> >To: [EMAIL PROTECTED] > >> >Subject: RE: SSL handshake failure URGENT > >> > > >> > > >> > > >> >Of sure, there it is. > >> > > >> > > >> >> Could you retry with openssl s_client in full debug mode ? 
> >> >> > >> >> - > >> >> Henri Gomez ___[_] > >> >> EMAIL : [EMAIL PROTECTED](. .) > >> >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > >> >> > >> >> > >> >> > >> >> >-Original Message- > >> >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >> >> >Sent: Friday, June 15, 2001 12:21 PM > >> >> >To: [EMAIL PROTECTED] > >> >> >Subject: RE: SSL handshake failure URGENT > >> >> > > >> >> > > >> >> >So, every seems to be well configured, but I always get this > >> >> >handshake error, what could be the problem in that case ? > >> >> > > >> >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem > >> >> >-key cl_key.pem -state > >> >> >Enter PEM pass phrase: > >> >> >CONNECTED(0003) > >> >> >SSL_connect:before/connect initialization > >> >> >SSL_connect:SSLv2/v3 write client hello A > >> >> >SSL3 alert read:fatal:handshake failure > >> >> >SSL_connect:error in SSLv2/v3 read server hello A > >> >> > > >> >> > > >> >> >> >ok now it's done, but same error > >> >> >> >HandShake Failure > >> >> >> > > >> >> >> >I made the new server request, the new server certification, > >> >> >> >the new server x509 conversion, and the new server > >into tomcat > >> >> >> >keystore importation > >> >> >> > > >> >> >> >(I send you the new server certificate) > >> >> >> > > >> >> >> >must we also replace to CN of the client ? (I didn't do it) > >> >> >> >maybe the CN of the CA ? > >> >> >> > > >> >> >> CN of you client could be what you want > >> >> >> > >> >> >> > > >> >> >> >> The probl
RE: SSL handshake failure URGENT
ok, thanks Henri and Tim I use Linux RedHat 7, but it seems that SSL options was not taken in account with default launching of httpd (with httpd start) so I made first some modifications of httpd conf (specially putting on comment the tags to make it taken in account, and made some mistakes maybe cause httpd will not launch now :-) I (true)hope so that the packages I download from your site are the good ones (tomcat-3.2.2-1.noarch.rpm and apache-mod_ssl-1.3.20.2.8.4-2.i386.rpm) even if I was surprised that apache-mod_ssl-1.3.19.2.8.3-1.i386.rpm was bigger (1.6M) than the next version apache-mod_ssl-1.3.20.2.8.4-2.i386.rpm (879k) I will give you wedensday the next episod of my SSL/Linux/tomcat/apache adventure. > PS: Did you have a Linux boxes, I've packaged easy to use > RPM which will let you install apache-mod_ssl, tomcat and > mod_jk in less than 30 mins > > http://www.falsehope.com/ftp-site/home/gomez/apache-mod_ssl/ > http://www.falsehope.com/ftp-site/home/gomez/tomcat/ > > Redhat 7.0/7.1 users allready have a Apache using mod_ssl > > - > Henri Gomez ___[_] > EMAIL : [EMAIL PROTECTED](. .) > PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > > > >-Original Message- > >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >Sent: Monday, June 18, 2001 11:41 AM > >To: [EMAIL PROTECTED] > >Subject: RE: SSL handshake failure URGENT > > > > > >I would try to do that following a document you wrote about > >SSL via apache, but I was a little lost in your indication > >(for example some Jk... directives are not recognized, > >[JkExtractSSL, ...] ) and I don't have a mod_jk.so module to load) > > > >> Could you try the server cert on apache/SSL or Apache-mod_ssl > >> and see if it works ? > >> > >> > >> > >> - > >> Henri Gomez ___[_] > >> EMAIL : [EMAIL PROTECTED](. .) > >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... 
> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > >> > >> > >> > >> >-Original Message- > >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >> >Sent: Monday, June 18, 2001 10:05 AM > >> >To: [EMAIL PROTECTED] > >> >Subject: RE: SSL handshake failure URGENT > >> > > >> > > >> > > >> >Of sure, there it is. > >> > > >> > > >> >> Could you retry with openssl s_client in full debug mode ? > >> >> > >> >> - > >> >> Henri Gomez ___[_] > >> >> EMAIL : [EMAIL PROTECTED](. .) > >> >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > >> >> > >> >> > >> >> > >> >> >-Original Message- > >> >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >> >> >Sent: Friday, June 15, 2001 12:21 PM > >> >> >To: [EMAIL PROTECTED] > >> >> >Subject: RE: SSL handshake failure URGENT > >> >> > > >> >> > > >> >> >So, every seems to be well configured, but I always get this > >> >> >handshake error, what could be the problem in that case ? > >> >> > > >> >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem > >> >> >-key cl_key.pem -state > >> >> >Enter PEM pass phrase: > >> >> >CONNECTED(0003) > >> >> >SSL_connect:before/connect initialization > >> >> >SSL_connect:SSLv2/v3 write client hello A > >> >> >SSL3 alert read:fatal:handshake failure > >> >> >SSL_connect:error in SSLv2/v3 read server hello A > >> >> > > >> >> > > >> >> >> >ok now it's done, but same error > >> >> >> >HandShake Failure > >> >> >> > > >> >> >> >I made the new server request, the new server certification, > >> >> >> >the new server x509 conversion, and the new server > >into tomcat > >> >> >> >keystore importation > >> >> >> > > >> >> >> >(I send you the new server certificate) > >> >> >> > > >> >> >> >must we also replace to CN of the client ? (I didn'
RE: SSL handshake failure URGENT
If you use Apache-mod_ssl (apache with mod_ssl), you didn't need to do anything in mod_jk.conf since it's default config is for Apache + mod_ssl. PS: Did you have a Linux boxes, I've packaged easy to use RPM which will let you install apache-mod_ssl, tomcat and mod_jk in less than 30 mins http://www.falsehope.com/ftp-site/home/gomez/apache-mod_ssl/ http://www.falsehope.com/ftp-site/home/gomez/tomcat/ Redhat 7.0/7.1 users allready have a Apache using mod_ssl - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED](. .) PGP KEY : 697ECEDD...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >-Original Message- >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] >Sent: Monday, June 18, 2001 11:41 AM >To: [EMAIL PROTECTED] >Subject: RE: SSL handshake failure URGENT > > >I would try to do that following a document you wrote about >SSL via apache, but I was a little lost in your indication >(for example some Jk... directives are not recognized, >[JkExtractSSL, ...] ) and I don't have a mod_jk.so module to load) > >> Could you try the server cert on apache/SSL or Apache-mod_ssl >> and see if it works ? >> >> >> >> - >> Henri Gomez ___[_] >> EMAIL : [EMAIL PROTECTED](. .) >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >> >> >> >> >-Original Message----- >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] >> >Sent: Monday, June 18, 2001 10:05 AM >> >To: [EMAIL PROTECTED] >> >Subject: RE: SSL handshake failure URGENT >> > >> > >> > >> >Of sure, there it is. >> > >> > >> >> Could you retry with openssl s_client in full debug mode ? >> >> >> >> - >> >> Henri Gomez ___[_] >> >> EMAIL : [EMAIL PROTECTED](. .) >> >> PGP KEY : 697ECEDD ...oOOo..(_)..oOOo... >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >> >> >> >> >> >> >> >> >-Original Message- >> >> >From: Jean-Etienne G. 
[mailto:[EMAIL PROTECTED]] >> >> >Sent: Friday, June 15, 2001 12:21 PM >> >> >To: [EMAIL PROTECTED] >> >> >Subject: RE: SSL handshake failure URGENT >> >> > >> >> > >> >> >So, every seems to be well configured, but I always get this >> >> >handshake error, what could be the problem in that case ? >> >> > >> >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem >> >> >-key cl_key.pem -state >> >> >Enter PEM pass phrase: >> >> >CONNECTED(0003) >> >> >SSL_connect:before/connect initialization >> >> >SSL_connect:SSLv2/v3 write client hello A >> >> >SSL3 alert read:fatal:handshake failure >> >> >SSL_connect:error in SSLv2/v3 read server hello A >> >> > >> >> > >> >> >> >ok now it's done, but same error >> >> >> >HandShake Failure >> >> >> > >> >> >> >I made the new server request, the new server certification, >> >> >> >the new server x509 conversion, and the new server >into tomcat >> >> >> >keystore importation >> >> >> > >> >> >> >(I send you the new server certificate) >> >> >> > >> >> >> >must we also replace to CN of the client ? (I didn't do it) >> >> >> >maybe the CN of the CA ? >> >> >> > >> >> >> CN of you client could be what you want >> >> >> >> >> >> > >> >> >> >> The problem is in the CN of the server cert : >> >> >> >> >> >> >> >> replace CN=server by CN=thehostname !!! >> >> >> >> >> >> >> >> Certificate: >> >> >> >> Data: >> >> >> >> Version: 3 (0x2) >> >> >> >> Serial Number: 2 (0x2) >> >> >> >> Signature Algorithm: md5WithRSAEncryption >> >> >> >> Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, >> >> >> >OU=UNIT, CN=ca >> &g
RE: SSL handshake failure URGENT
At 02:41 AM 6/18/2001, you wrote:
>I would try to do that following a document you wrote about SSL via
>apache, but I was a little lost in your indication
>(for example some Jk... directives are not recognized, [JkExtractSSL, ...]
>) and I don't have a mod_jk.so module to load)

I know that a real (or non-test) cert works with Apache/tomcat. There's documentation on the Apache site for using mod_ssl, and also search the net for more info. I don't have the urls handy, but I was able to mine the net for urls to some good info on using ssl with Apache, Tomcat, and others.

Also, I was never able to get Tomcat standalone to use a real cert.
RE: SSL handshake failure URGENT
I would try to do that following a document you wrote about SSL via apache, but I was a little lost in your indication (for example some Jk... directives are not recognized, [JkExtractSSL, ...] ) and I don't have a mod_jk.so module to load) > Could you try the server cert on apache/SSL or Apache-mod_ssl > and see if it works ? > > > > - > Henri Gomez ___[_] > EMAIL : [EMAIL PROTECTED](. .) > PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > > > >-Original Message- > >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >Sent: Monday, June 18, 2001 10:05 AM > >To: [EMAIL PROTECTED] > >Subject: RE: SSL handshake failure URGENT > > > > > > > >Of sure, there it is. > > > > > >> Could you retry with openssl s_client in full debug mode ? > >> > >> - > >> Henri Gomez ___[_] > >> EMAIL : [EMAIL PROTECTED](. .) > >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > >> > >> > >> > >> >-Original Message- > >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >> >Sent: Friday, June 15, 2001 12:21 PM > >> >To: [EMAIL PROTECTED] > >> >Subject: RE: SSL handshake failure URGENT > >> > > >> > > >> >So, every seems to be well configured, but I always get this > >> >handshake error, what could be the problem in that case ? 
> >> > > >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem > >> >-key cl_key.pem -state > >> >Enter PEM pass phrase: > >> >CONNECTED(0003) > >> >SSL_connect:before/connect initialization > >> >SSL_connect:SSLv2/v3 write client hello A > >> >SSL3 alert read:fatal:handshake failure > >> >SSL_connect:error in SSLv2/v3 read server hello A > >> > > >> > > >> >> >ok now it's done, but same error > >> >> >HandShake Failure > >> >> > > >> >> >I made the new server request, the new server certification, > >> >> >the new server x509 conversion, and the new server into tomcat > >> >> >keystore importation > >> >> > > >> >> >(I send you the new server certificate) > >> >> > > >> >> >must we also replace to CN of the client ? (I didn't do it) > >> >> >maybe the CN of the CA ? > >> >> > > >> >> CN of you client could be what you want > >> >> > >> >> > > >> >> >> The problem is in the CN of the server cert : > >> >> >> > >> >> >> replace CN=server by CN=thehostname !!! > >> >> >> > >> >> >> Certificate: > >> >> >> Data: > >> >> >> Version: 3 (0x2) > >> >> >> Serial Number: 2 (0x2) > >> >> >> Signature Algorithm: md5WithRSAEncryption > >> >> >> Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, > >> >> >OU=UNIT, CN=ca > >> >> >> Validity > >> >> >> Not Before: Jun 14 08:47:55 2001 GMT > >> >> >> Not After : Jun 14 08:47:55 2002 GMT > >> >> >> Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server > >> >> >> Subject Public Key Info: > >> >> >> Public Key Algorithm: rsaEncryption > >> >> >> RSA Public Key: (1024 bit) > >> >> >> Modulus (1024 bit): > >> >> >> > >00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1: > >> >> >> > >f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49: > >> >> >> > >12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da: > >> >> >> > >a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33: > >> >> >> > >a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9: > >> >> >> > >85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95: > >> >> >> > >6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a: > >> >> 
>> > >e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38: > >> >
RE: SSL handshake failure URGENT
Could you try the server cert on apache/SSL or Apache-mod_ssl and see if it works ? - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED](. .) PGP KEY : 697ECEDD...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >-Original Message- >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] >Sent: Monday, June 18, 2001 10:05 AM >To: [EMAIL PROTECTED] >Subject: RE: SSL handshake failure URGENT > > > >Of sure, there it is. > > >> Could you retry with openssl s_client in full debug mode ? >> >> - >> Henri Gomez ___[_] >> EMAIL : [EMAIL PROTECTED](. .) >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >> >> >> >> >-Original Message- >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] >> >Sent: Friday, June 15, 2001 12:21 PM >> >To: [EMAIL PROTECTED] >> >Subject: RE: SSL handshake failure URGENT >> > >> > >> >So, every seems to be well configured, but I always get this >> >handshake error, what could be the problem in that case ? >> > >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem >> >-key cl_key.pem -state >> >Enter PEM pass phrase: >> >CONNECTED(0003) >> >SSL_connect:before/connect initialization >> >SSL_connect:SSLv2/v3 write client hello A >> >SSL3 alert read:fatal:handshake failure >> >SSL_connect:error in SSLv2/v3 read server hello A >> > >> > >> >> >ok now it's done, but same error >> >> >HandShake Failure >> >> > >> >> >I made the new server request, the new server certification, >> >> >the new server x509 conversion, and the new server into tomcat >> >> >keystore importation >> >> > >> >> >(I send you the new server certificate) >> >> > >> >> >must we also replace to CN of the client ? (I didn't do it) >> >> >maybe the CN of the CA ? >> >> > >> >> CN of you client could be what you want >> >> >> >> > >> >> >> The problem is in the CN of the server cert : >> >> >> >> >> >> replace CN=server by CN=thehostname !!! 
>> >> >> >> >> >> Certificate: >> >> >> Data: >> >> >> Version: 3 (0x2) >> >> >> Serial Number: 2 (0x2) >> >> >> Signature Algorithm: md5WithRSAEncryption >> >> >> Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, >> >> >OU=UNIT, CN=ca >> >> >> Validity >> >> >> Not Before: Jun 14 08:47:55 2001 GMT >> >> >> Not After : Jun 14 08:47:55 2002 GMT >> >> >> Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server >> >> >> Subject Public Key Info: >> >> >> Public Key Algorithm: rsaEncryption >> >> >> RSA Public Key: (1024 bit) >> >> >> Modulus (1024 bit): >> >> >> >00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1: >> >> >> >f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49: >> >> >> >12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da: >> >> >> >a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33: >> >> >> >a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9: >> >> >> >85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95: >> >> >> >6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a: >> >> >> >e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38: >> >> >> 3b:c3:9f:ac:e3:5e:77:cb:7b >> >> >> Exponent: 65537 (0x10001) >> >> >> X509v3 extensions: >> >> >> X509v3 Basic Constraints: >> >> >> CA:FALSE >> >> >> Netscape Comment: >> >> >> OpenSSL Generated Certificate >> >> >> X509v3 Subject Key Identifier: >> >> >> >> >> >44:
RE: SSL handshake failure URGENT
Of sure, there it is. > Could you retry with openssl s_client in full debug mode ? > > - > Henri Gomez ___[_] > EMAIL : [EMAIL PROTECTED](. .) > PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > > > > >-Original Message- > >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] > >Sent: Friday, June 15, 2001 12:21 PM > >To: [EMAIL PROTECTED] > >Subject: RE: SSL handshake failure URGENT > > > > > >So, every seems to be well configured, but I always get this > >handshake error, what could be the problem in that case ? > > > ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem > >-key cl_key.pem -state > >Enter PEM pass phrase: > >CONNECTED(0003) > >SSL_connect:before/connect initialization > >SSL_connect:SSLv2/v3 write client hello A > >SSL3 alert read:fatal:handshake failure > >SSL_connect:error in SSLv2/v3 read server hello A > > > > > >> >ok now it's done, but same error > >> >HandShake Failure > >> > > >> >I made the new server request, the new server certification, > >> >the new server x509 conversion, and the new server into tomcat > >> >keystore importation > >> > > >> >(I send you the new server certificate) > >> > > >> >must we also replace to CN of the client ? (I didn't do it) > >> >maybe the CN of the CA ? > >> > > >> CN of you client could be what you want > >> > >> > > >> >> The problem is in the CN of the server cert : > >> >> > >> >> replace CN=server by CN=thehostname !!! 
> >> >> > >> >> Certificate: > >> >> Data: > >> >> Version: 3 (0x2) > >> >> Serial Number: 2 (0x2) > >> >> Signature Algorithm: md5WithRSAEncryption > >> >> Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, > >> >OU=UNIT, CN=ca > >> >> Validity > >> >> Not Before: Jun 14 08:47:55 2001 GMT > >> >> Not After : Jun 14 08:47:55 2002 GMT > >> >> Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server > >> >> Subject Public Key Info: > >> >> Public Key Algorithm: rsaEncryption > >> >> RSA Public Key: (1024 bit) > >> >> Modulus (1024 bit): > >> >> 00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1: > >> >> f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49: > >> >> 12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da: > >> >> a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33: > >> >> a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9: > >> >> 85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95: > >> >> 6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a: > >> >> e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38: > >> >> 3b:c3:9f:ac:e3:5e:77:cb:7b > >> >> Exponent: 65537 (0x10001) > >> >> X509v3 extensions: > >> >> X509v3 Basic Constraints: > >> >> CA:FALSE > >> >> Netscape Comment: > >> >> OpenSSL Generated Certificate > >> >> X509v3 Subject Key Identifier: > >> >> > >> >44:3C:48:E2:82:B6:77:02:B1:90:84:D3:B0:CD:0C:18:6E:81:9F:7E > >> >> X509v3 Authority Key Identifier: > >> >> > >> >> keyid:85:64:41:58:57:5F:91:5E:E1:A7:85:6B:CB:B7:F4:03:C4:F9:A8:31 > >> >> > >> >> DirName:/C=FR/ST=France/L=Genvilliers/O=THE_ORG/OU=UNIT/CN=ca > >> >> serial:00 > >> >> > >> >> Signature Algorithm: md5WithRSAEncryption > >> >> 05:0a:10:ec:dd:04:9e:8d:bb:98:2d:82:8f:c5:a0:f7:6b:06: > >> >> 97:52:c0:a2:c0:f2:25:8c:81:41:a5:80:f2:1e:72:da:a5:d2: > >> >> 28:df:44:77:0f:6b:df:9a:1e:06:c7:83:6a:7d:40:89:96:1f: > >> >> be:f5:2b:b2:fc:4c:91:a9:0c:89:e8:00:37:d5:a1:ab:a8:82: > >> >> 7b:92:d9:ba:e9:1b:57:3d:32:62:96:ba:29:1d:3f:9b:83:64: > >> >> b8:92:37:74:16:4d:3f:be:bf:cf:25:70:03:05:06:de:d2:52: > >> >> 
94:ff:6a:fc:0c:32:ef:aa:ab:63:6d:e1:77:56:fc:3f:32:c6: > >> >> 20:a8 > >> >> > >> >> > >> >> > >> >> - > >> >> Henri Gomez ___[_] > >> >> EMAIL : [EMAIL PROTECTED](. .) > >> >> PGP KEY : 697ECEDD...oOOo..(_)..oOOo... > >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 > >> >> > >> > > >> > > >> >__ > >> >Voila vous propose une boite aux lettres gratuite sur Voila Mail: > >> >http://mail.voila.fr > >> > > >> > > >> > > > >__ > >Voila vous propose une boite aux lettres gratuite sur Voila Mail: > >http://mail.voila.fr > > > > > > > __ Voila vous propose une boite aux lettres gratuite sur Voila Mail: http://mail.voila.fr error2.txt
RE: SSL handshake failure URGENT
> Could you retry with openssl s_client in full debug mode ?

Here it is, for me it's like chinese :

[arcade2]# openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state -debug
Enter PEM pass phrase:
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 08156A30 [08157E98] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 61 bf 17 f2   ............a...
0060 - 3c c8 5d 69 0a 5c d9 28-e6 9c fe 89 bc 0b 53 13   <.]i.\.(......S.
0070 - 63 4d 3e 55 27 4d 38 86-5c 78 a8 e2               cM>U'M8.\x..
SSL_connect:SSLv2/v3 write client hello A
read from 08156A30 [0815D3F8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28                              ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
1754:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:

> Could you retry with openssl s_client in full debug mode ?
>
> -
> Henri Gomez ___[_]
> EMAIL : [EMAIL PROTECTED](. .)
> PGP KEY : 697ECEDD...oOOo..(_)..oOOo...
> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
>
>
>
> >-Original Message-
> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, June 15, 2001 12:21 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: SSL handshake failure URGENT
> >
> >
> >So, every seems to be well configured, but I always get this
> >handshake error, what could be the problem in that case ?
> > > ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem > >-key cl_key.pem -state > >Enter PEM pass phrase: > >CONNECTED(0003) > >SSL_connect:before/connect initialization > >SSL_connect:SSLv2/v3 write client hello A > >SSL3 alert read:fatal:handshake failure > >SSL_connect:error in SSLv2/v3 read server hello A > > > > > >> >ok now it's done, but same error > >> >HandShake Failure > >> > > >> >I made the new server request, the new server certification, > >> >the new server x509 conversion, and the new server into tomcat > >> >keystore importation > >> > > >> >(I send you the new server certificate) > >> > > >> >must we also replace to CN of the client ? (I didn't do it) > >> >maybe the CN of the CA ? > >> > > >> CN of you client could be what you want > >> > >> > > >> >> The problem is in the CN of the server cert : > >> >> > >> >> replace CN=server by CN=thehostname !!! > >> >> > >> >> Certificate: > >> >> Data: > >> >> Version: 3 (0x2) > >> >> Serial Number: 2 (0x2) > >> >> Signature Algorithm: md5WithRSAEncryption > >> >> Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, > >> >OU=UNIT, CN=ca > >> >> Validity > >> >> Not Before: Jun 14 08:47:55 2001 GMT > >> >> Not After : Jun 14 08:47:55 2002 GMT > >> >> Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server > >> >> Subject Public Key Info: > >> >> Public Key Algorithm: rsaEncryption > >> >> RSA Public Key: (1024 bit) > >> >> Modulus (1024 bit): > >> >> 00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1: > >> >> f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49: > >> >> 12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da: > >> >> a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33: > >> >> a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9: > >> >> 85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95: > >> >> 6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a: > >> >> e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38: > >> >> 3b:c3:9f:ac:e3:5e:77:cb:7b > >> >> Exponent: 65537 (0x10001) > >> >> X509v3 extensions: > >&
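The two hex dumps in the s_client -debug output of the message above can be decoded by hand. The following is an added example, not part of the original thread: it parses the 124-byte SSLv2-format ClientHello and the 7-byte alert record, using the bytes from that dump; the function names and the small name tables are assumptions made for the illustration.

```python
import struct

# Bytes transcribed from the "write to" (ClientHello) and "read from" (alert)
# hex dumps in the s_client -debug output quoted in the message above.
CLIENT_HELLO_HEX = """
80 7a 01 03 01 00 51 00 00 00 20 00 00 16 00 00
13 00 00 0a 07 00 c0 00 00 66 00 00 05 00 00 04
03 00 80 01 00 80 08 00 80 00 00 65 00 00 64 00
00 63 00 00 62 00 00 61 00 00 60 00 00 15 00 00
12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08
00 00 06 00 00 03 04 00 80 02 00 80 61 bf 17 f2
3c c8 5d 69 0a 5c d9 28 e6 9c fe 89 bc 0b 53 13
63 4d 3e 55 27 4d 38 86 5c 78 a8 e2
"""
ALERT_HEX = "15 03 01 00 02 02 28"

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the TLS 1.0 alert descriptions (RFC 2246, section 7.2).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca",
}
# Names for a few of the offered suites; anything else is printed as hex.
SUITE_NAMES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
}


def from_hex(text):
    """Turn a whitespace-separated hex dump into bytes."""
    return bytes.fromhex("".join(text.split()))


def parse_v2_client_hello(data):
    """Parse the SSLv2-format ClientHello sent as 'SSLv2/v3 write client hello'."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("expected a 2-byte SSLv2 record header (high bit set)")
    record_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:]
    if len(body) != record_len:
        raise ValueError("header says %d bytes, got %d" % (record_len, len(body)))
    msg_type, major, minor, spec_len, sid_len, chal_len = struct.unpack(
        ">BBBHHH", body[:9])
    if msg_type != 1:
        raise ValueError("message type %d is not CLIENT-HELLO" % msg_type)
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != len(body):
        raise ValueError("field lengths do not add up to the record length")
    specs = body[9:9 + spec_len]
    v3_suites, v2_kinds = [], []
    for i in range(0, spec_len, 3):
        first, hi, lo = specs[i:i + 3]
        if first == 0:                      # 00 xx yy: SSLv3/TLS suite 0xXXYY
            v3_suites.append((hi << 8) | lo)
        else:                               # non-zero first byte: SSLv2 cipher kind
            v2_kinds.append((first << 16) | (hi << 8) | lo)
    sid_end = 9 + spec_len + sid_len
    return {
        "version": (major, minor),          # highest version the client offers
        "v3_suites": v3_suites,
        "v2_kinds": v2_kinds,
        "session_id": body[9 + spec_len:sid_end],
        "challenge": body[sid_end:],
    }


def parse_alert_record(data):
    """Parse an unencrypted SSLv3/TLS alert record (content type 21)."""
    if len(data) < 5:
        raise ValueError("shorter than a record header")
    content_type, major, minor, length = struct.unpack(">BBBH", data[:5])
    if content_type != 21:
        raise ValueError("content type %d is not an alert" % content_type)
    payload = data[5:]
    if length != 2 or len(payload) != 2:
        raise ValueError("a plaintext alert carries exactly 2 bytes")
    level, description = payload
    return {
        "version": (major, minor),
        "level": ALERT_LEVELS.get(level, "unknown(%d)" % level),
        "description": ALERT_DESCRIPTIONS.get(description, "unknown(%d)" % description),
    }


if __name__ == "__main__":
    hello = parse_v2_client_hello(from_hex(CLIENT_HELLO_HEX))
    print("client offers up to version %d.%d" % hello["version"])
    for suite in hello["v3_suites"]:
        print("  suite 0x%04X %s" % (suite, SUITE_NAMES.get(suite, "")))
    for kind in hello["v2_kinds"]:
        print("  SSLv2 cipher kind 0x%06X" % kind)
    alert = parse_alert_record(from_hex(ALERT_HEX))
    print("server answered: %(level)s %(description)s" % alert)
```

The alert is the server's only reply and arrives where the ServerHello was expected, so the handshake was refused before a certificate was sent in either direction.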
RE: SSL handshake failure URGENT
Could you retry with openssl s_client in full debug mode ? - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED](. .) PGP KEY : 697ECEDD...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 >-Original Message- >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]] >Sent: Friday, June 15, 2001 12:21 PM >To: [EMAIL PROTECTED] >Subject: RE: SSL handshake failure URGENT > > >So, every seems to be well configured, but I always get this >handshake error, what could be the problem in that case ? > ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem >-key cl_key.pem -state >Enter PEM pass phrase: >CONNECTED(0003) >SSL_connect:before/connect initialization >SSL_connect:SSLv2/v3 write client hello A >SSL3 alert read:fatal:handshake failure >SSL_connect:error in SSLv2/v3 read server hello A > > >> >ok now it's done, but same error >> >HandShake Failure >> > >> >I made the new server request, the new server certification, >> >the new server x509 conversion, and the new server into tomcat >> >keystore importation >> > >> >(I send you the new server certificate) >> > >> >must we also replace to CN of the client ? (I didn't do it) >> >maybe the CN of the CA ? >> > >> CN of you client could be what you want >> >> > >> >> The problem is in the CN of the server cert : >> >> >> >> replace CN=server by CN=thehostname !!! 
RE: SSL handshake failure URGENT
So, everything seems to be well configured, but I always get this handshake error, what could be the problem in that case ?

# openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state
Enter PEM pass phrase:
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A

> >ok now it's done, but same error
> >HandShake Failure
> >
> >I made the new server request, the new server certification,
> >the new server x509 conversion, and the new server into tomcat
> >keystore importation
> >
> >(I send you the new server certificate)
> >
> >must we also replace the CN of the client ? (I didn't do it)
> >maybe the CN of the CA ?
>
> CN of your client could be what you want
>
> >> The problem is in the CN of the server cert :
> >>
> >> replace CN=server by CN=thehostname !!!
RE: SSL handshake failure URGENT
>ok now it's done, but same error
>HandShake Failure
>
>I made the new server request, the new server certification,
>the new server x509 conversion, and the new server into tomcat
>keystore importation
>
>(I send you the new server certificate)
>
>must we also replace the CN of the client ? (I didn't do it)
>maybe the CN of the CA ?

CN of your client could be what you want

>> The problem is in the CN of the server cert :
>>
>> replace CN=server by CN=thehostname !!!
Re: SSL handshake failure URGENT
Hi All,

I would like to use Tomcat 3.2.2 (Servlet and Jsp engine) with Zeus Web Server 3.3.8. I need to know how to configure Tomcat with Zeus web server. If somebody can provide me some link or information, it would be of great help.

Thanks in advance.

Regards
-Harish
RE: SSL handshake failure URGENT
ok now it's done, but same error
HandShake Failure

I made the new server request, the new server certification,
the new server x509 conversion, and the new server into tomcat
keystore importation

(I send you the new server certificate)

must we also replace the CN of the client ? (I didn't do it)
maybe the CN of the CA ?

> The problem is in the CN of the server cert :
>
> replace CN=server by CN=thehostname !!!

sr_cert_new.pem
RE: SSL handshake failure URGENT
The problem is in the CN of the server cert :

replace CN=server by CN=thehostname !!!

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, OU=UNIT, CN=ca
        Validity
            Not Before: Jun 14 08:47:55 2001 GMT
            Not After : Jun 14 08:47:55 2002 GMT
        Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1:
                    f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49:
                    12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da:
                    a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33:
                    a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9:
                    85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95:
                    6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a:
                    e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38:
                    3b:c3:9f:ac:e3:5e:77:cb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                44:3C:48:E2:82:B6:77:02:B1:90:84:D3:B0:CD:0C:18:6E:81:9F:7E
            X509v3 Authority Key Identifier:
                keyid:85:64:41:58:57:5F:91:5E:E1:A7:85:6B:CB:B7:F4:03:C4:F9:A8:31
                DirName:/C=FR/ST=France/L=Genvilliers/O=THE_ORG/OU=UNIT/CN=ca
                serial:00

    Signature Algorithm: md5WithRSAEncryption
        05:0a:10:ec:dd:04:9e:8d:bb:98:2d:82:8f:c5:a0:f7:6b:06:
        97:52:c0:a2:c0:f2:25:8c:81:41:a5:80:f2:1e:72:da:a5:d2:
        28:df:44:77:0f:6b:df:9a:1e:06:c7:83:6a:7d:40:89:96:1f:
        be:f5:2b:b2:fc:4c:91:a9:0c:89:e8:00:37:d5:a1:ab:a8:82:
        7b:92:d9:ba:e9:1b:57:3d:32:62:96:ba:29:1d:3f:9b:83:64:
        b8:92:37:74:16:4d:3f:be:bf:cf:25:70:03:05:06:de:d2:52:
        94:ff:6a:fc:0c:32:ef:aa:ab:63:6d:e1:77:56:fc:3f:32:c6:
        20:a8

-
Henri Gomez ___[_]
EMAIL : [EMAIL PROTECTED](. .)
PGP KEY : 697ECEDD...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
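Added example, not part of the original thread: a Python check that reads the `openssl x509 -text` fields from the dump above and reports whether the certificate's name matches the host a client connects to. The host `thehostname` comes from the thread; the function names and the extra checks (missing subjectAltName, weak signature hash, short RSA key, validity window) are additions of this example.

```python
import re
from datetime import datetime

# Fields copied from the certificate dump in the message above; hex bodies omitted.
CERT_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, OU=UNIT, CN=ca
        Validity
            Not Before: Jun 14 08:47:55 2001 GMT
            Not After : Jun 14 08:47:55 2002 GMT
        Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
"""
DATE_FMT = "%b %d %H:%M:%S %Y GMT"


def parse_dn(dn):
    """'C=FR, O=THE_ORG, CN=server' -> dict. Values containing commas are not handled."""
    return dict(p.strip().split("=", 1) for p in dn.split(",") if "=" in p)


def parse_cert_text(text):
    """Pull the fields needed for the checks out of `openssl x509 -text` output."""
    def field(label):
        m = re.search(r"^[ \t]*%s[ \t]*:[ \t]*(.+)$" % re.escape(label), text, re.M)
        return m.group(1).strip() if m else ""
    bits = re.search(r"Public[ -]Key: \((\d+) bit\)", text)
    san = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n[ \t]*(.+)", text)
    san_dns = [e.strip()[4:] for e in san.group(1).split(",")
               if e.strip().startswith("DNS:")] if san else []
    return {
        "subject": parse_dn(field("Subject")),
        "issuer": parse_dn(field("Issuer")),
        "sig_alg": field("Signature Algorithm"),
        "rsa_bits": int(bits.group(1)) if bits else None,
        "not_before": datetime.strptime(field("Not Before"), DATE_FMT),
        "not_after": datetime.strptime(field("Not After"), DATE_FMT),
        "san_dns": san_dns,
    }


def name_matches(pattern, host):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def audit(text, hostname, now):
    """Return (code, detail) findings for a server cert that clients reach as `hostname`."""
    c = parse_cert_text(text)
    names = c["san_dns"] or [c["subject"].get("CN", "")]
    out = []
    if not any(name_matches(n, hostname) for n in names):
        out.append(("name-mismatch", "cert names %s, client uses %r" % (names, hostname)))
    if not c["san_dns"]:
        out.append(("no-san", "current clients match subjectAltName, not CN"))
    if c["sig_alg"].lower().startswith(("md5", "sha1")):
        out.append(("weak-signature", c["sig_alg"]))
    if c["rsa_bits"] is not None and c["rsa_bits"] < 2048:
        out.append(("short-rsa-key", "%d bit" % c["rsa_bits"]))
    if not c["not_before"] <= now <= c["not_after"]:
        out.append(("outside-validity", "%s .. %s" % (c["not_before"], c["not_after"])))
    return out


if __name__ == "__main__":
    for code, detail in audit(CERT_TEXT, "thehostname", datetime(2001, 6, 18)):
        print(code, "-", detail)
```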
RE: SSL handshake failure URGENT
Here they are (all the files I have generated with these openssl commands)

> can u send ur server,client,ca certs?
>
> Rams
>
> -----Original Message-----
> From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 14, 2001 7:27 PM
> To: [EMAIL PROTECTED]
> Subject: SSL handshake failure URGENT
>
> I have this tomcat configuration :
>
> value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
> value="8443"/>
> value="org.apache.tomcat.net.SSLSocketFactory" />
> value="/opt/tomcat-3-2-2/tomcat/conf/keystore" />
> value="pwd_sr" />
> value="true" />

certs.zip
RE: SSL handshake failure URGENT
can u send ur server,client,ca certs?

Rams
+91-040-3000401 x 2162 (O)
+91-040-6313447 (R)

-----Original Message-----
From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 14, 2001 7:27 PM
To: [EMAIL PROTECTED]
Subject: SSL handshake failure URGENT

Hello,

I get no responses for my previous mails... so maybe I did not contact the good mailing list. Please give me a start of response...

Hello,
I have a cert importation problem

here is the output of an openSSL client command [which emulates a browser]
(openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state) :

Enter PEM pass phrase:
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
1993:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:

Can someone help me ?
Is there a way to make it work without installing apache ?
Thanks for your answer

I have this tomcat configuration :

And that are all the lines procedure I entered to make it well work

mkdir ./demoCA
echo "" > ./demoCA/index.txt
echo "01" > ./demoCA/serial

# CA
openssl req -new -out ca_req.pem -keyout ca_key.pem
#pwd:pwd_ca
#challenge_pwd:ch_ca
#company name:THE_ORG

# CLIENT
openssl req -new -out cl_req.pem -keyout cl_key.pem
#pwd:pwd_cl
#ch_pwd:ch_cl
#company name:THE_ORG

# SERVER
openssl req -new -out sr_req.pem -keyout sr_key.pem
#pwd:pwd_sr
#ch_pwd:ch_sr
#company name:THE_ORG

# CA AUTH
echo "CA AUTH : enter CA password"
openssl req -x509 -in ca_req.pem -key ca_key.pem -out ca_cert.pem
#pwd:pwd_ca
rm ./demoCA/index.txt
rm ./demoCA/serial
# recreate an empty index and a serial file starting at 01
: > ./demoCA/index.txt
echo "01" > ./demoCA/serial

# CLIENT AUTH BY CA
echo "CL AUTH : enter CA password"
openssl ca -cert ca_cert.pem -in cl_req.pem -out cl_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
#pwd:pwd_ca

# SERVER AUTH BY CA
echo "SR AUTH : enter CA password"
openssl ca -cert ca_cert.pem -in sr_req.pem -out sr_cert.pem -keyfile ca_key.pem -config /usr/local/ssl/openssl.cnf
#pwd:pwd_ca

# CONVERT SERVER AUTH FROM PEM FORMAT TO DER FORMAT
openssl x509 -inform PEM -in sr_cert.pem -outform DER -out sr_cert.der

# REMOVE PREVIOUS KEYSTORE
rm /opt/tomcat-3-2-2/tomcat/conf/keystore

# IMPORT SERVER CERT IN TOMCAT KEYSTORE
echo "IMPORT SR CERT : enter SR password"
/usr/java/jdk1.3/bin/keytool -import -v -trustcacerts -alias tomcat -file sr_cert.der -keystore /opt/tomcat-3-2-2/tomcat/conf/keystore
#pwd:pwd_sr

# CONVERTING CLIENT CERT INTO NETSCAPE PKCS12 FORMAT
echo "CL CERT CONVERSION : PEM -> P12 : enter CL passwd"
openssl pkcs12 -in cl_cert.pem -inkey cl_key.pem -export -out cl_cert.p12
#pwd:pwd_cl
#exp_pwd:pwd_cl

# CONNECTION TO THE TOMCAT SERVER
openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state
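Added example, not part of the original thread: a Python reader for the `openssl s_client -state` trace in the message above that reports the last completed handshake step, the step that failed, and which side sent the alert. The function names and the verdict labels are assumptions of this example; the trace is copied from the message, with the mail-wrapped error line joined.

```python
import re

# Trace copied from the message above (client side, openssl s_client -state).
TRACE = """\
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
1993:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:
"""

PROTO = r"(?:(?:SSL|TLS)v\S+ )?"          # optional "SSLv2/v3 " / "SSLv3 " prefix
SUB = r"(?: [A-D])?"                      # optional sub-state letter, e.g. " A"
ERROR_IN = re.compile(r"^SSL_connect:error in " + PROTO + r"(.+?)" + SUB + r"$")
STATE = re.compile(r"^SSL_connect:" + PROTO + r"(.+?)" + SUB + r"$")
ALERT = re.compile(r"^(?:SSL|TLS)\S* alert (read|write):(fatal|warning):(.+)$")
QUEUE = re.compile(r"^\d+:error:([0-9A-Fa-f]+):([^:]*):([^:]*):([^:]*):([^:]+):(\d+):")


def analyze(trace):
    """Walk the trace line by line and collect states, alert and error-queue entry."""
    done, alert, failed_in, queue = [], None, None, None
    for line in (l.strip() for l in trace.splitlines()):
        m = ERROR_IN.match(line)
        if m:
            failed_in = m.group(1)
            continue
        m = STATE.match(line)
        if m:
            done.append(m.group(1))
            continue
        m = ALERT.match(line)
        if m:
            alert = dict(zip(("direction", "level", "description"), m.groups()))
            continue
        m = QUEUE.match(line)
        if m:
            queue = {"code": m.group(1), "library": m.group(2), "function": m.group(3),
                     "reason": m.group(4), "file": m.group(5), "line": int(m.group(6))}
    return {
        "last_completed": done[-1] if done else None,
        "failed_in": failed_in,
        "alert": alert,
        # In a client trace "read" means the alert was received, i.e. sent by the server.
        "alert_from": None if alert is None
        else ("server" if alert["direction"] == "read" else "client"),
        # State name printed by OpenSSL once the server's certificate has arrived.
        "server_cert_received": any(s.startswith("read server certificate") for s in done),
        "queue": queue,
    }


def verdict(r):
    """Map the analysis to a short label (labels are this example's own)."""
    a = r["alert"]
    if (a and a["level"] == "fatal" and r["alert_from"] == "server"
            and r["failed_in"] == "read server hello"):
        return "server-refused-client-hello"
    if r["failed_in"]:
        return "failed-in:" + r["failed_in"]
    return "no-failure-seen"


if __name__ == "__main__":
    result = analyze(TRACE)
    print(verdict(result), result)
```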
RE: SSL handshake failure URGENT
>First, thanks to have taken the time to help me :)
>But I fear I didn't understand the answer :(
>where must I enter the same name as what ?
>
>example : I am under Linux, the hostname is "thehostname"
>is that that you call server name, or is it a name that you
>enter in the server.xml file (if yes with which tag ?)

if your server is thehostname you respond that when openssl asks
the COMMON NAME in SERVER CERT GENERATION :

>> > # SERVER
>> > openssl req -new -out sr_req.pem -keyout sr_key.pem
>> > #pwd:pwd_sr
>> > #ch_pwd:ch_sr
>> > #company name:THE_ORG

>And where must I enter the same name as the servername ?
>what field of which openSSL command ?
>
>Thanks for your answer !
>
> JEG
RE: SSL handshake failure URGENT
> Did you set correctly the SERVER Common Name ?
> It must match the server name (ie: mybecane.com)

First, thanks to have taken the time to help me :)
But I fear I didn't understand the answer :(
where must I enter the same name as what ?

example : I am under Linux, the hostname is "thehostname"
is that that you call server name, or is it a name that you
enter in the server.xml file (if yes with which tag ?)

And where must I enter the same name as the servername ?
what field of which openSSL command ?

Thanks for your answer !

JEG
RE: SSL handshake failure URGENT
Did you set correctly the SERVER Common Name ?
It must match the server name (ie: mybecane.com)