Re: [EMAIL PROTECTED] Dual SAN certificate support
On Fri, Feb 03, 2006 at 10:08:19AM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7024 Date: 2/2/2006 Time: 8:20:18 AM User: N/A Computer: UNDERDOG Description: The Apache2 service terminated with service-specific error 1. When I edit ssl.conf to point to a single-SAN certificate for another IP-based virtual web site, Apache starts up smartly with no errors. Is it possible for you to debug this crash? I don't know how to get a stack backtrace on Win32 but that's what I'd to see to investigate this any further. Can you give the openssl x509 -text output of the certificate which causes the crash at startup? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Dual SAN certificate support
Joe, On a Linux host I could get you a stack backtrace in a jiffy. I've never seen that done on a Winders machine, so I'll have to do some rummaging around at MSDN. I'll e-mail the certificate text you asked for directly to your e-mail box rather than to the list. --Doc Robert G. (Doc) Savage, CISSP, RHCE, GCIA Senior Systems Analyst BAE Systems Information Technology USTranscom J6-PI (TFMS) E-mail: [EMAIL PROTECTED] -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] Sent: Monday, February 06, 2006 4:13 To: Savage, Robert CTR USTRANSCOM J6 Cc: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Dual SAN certificate support On Fri, Feb 03, 2006 at 10:08:19AM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7024 Date: 2/2/2006 Time: 8:20:18 AM User: N/A Computer: UNDERDOG Description: The Apache2 service terminated with service-specific error 1. When I edit ssl.conf to point to a single-SAN certificate for another IP-based virtual web site, Apache starts up smartly with no errors. Is it possible for you to debug this crash? I don't know how to get a stack backtrace on Win32 but that's what I'd to see to investigate this any further. Can you give the openssl x509 -text output of the certificate which causes the crash at startup? joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Dual SAN certificate support
On Thu, Feb 02, 2006 at 04:20:42PM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Acronym defined: SAN = Subject Alternative Name Certificate contains two FQDN entries, one an alias to the other: DNSName: fully.qualified.name DNSName: alias-of.qualified.name What I got back from the CA is a certificate that's slightly longer than one for a single FQDN host. Apache2 refuses to start with this Dual SAN cert. mod_ssl doesn't care about what subjectAltName extensions might be in the certificate, though it might cause false warnings about subject CN mismatches. What error is being printed when the server fails to start? What does the error_log say? Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Dual SAN certificate support
Joe, Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7024 Date: 2/2/2006 Time: 8:20:18 AM User: N/A Computer: UNDERDOG Description: The Apache2 service terminated with service-specific error 1. When I edit ssl.conf to point to a single-SAN certificate for another IP-based virtual web site, Apache starts up smartly with no errors. --Doc Robert G. (Doc) Savage, CISSP, RHCE, GCIA Senior Systems Analyst BAE Systems Information Technology USTranscom J6-PI (TFMS) E-mail: [EMAIL PROTECTED] DSN: 779-3275 Fax: 576-4578 -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] Sent: Friday, February 03, 2006 3:46 To: Savage, Robert CTR USTRANSCOM J6 Cc: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Dual SAN certificate support On Thu, Feb 02, 2006 at 04:20:42PM -0600, Savage, Robert CTR USTRANSCOM J6 wrote: Acronym defined: SAN = Subject Alternative Name Certificate contains two FQDN entries, one an alias to the other: DNSName: fully.qualified.name DNSName: alias-of.qualified.name What I got back from the CA is a certificate that's slightly longer than one for a single FQDN host. Apache2 refuses to start with this Dual SAN cert. mod_ssl doesn't care about what subjectAltName extensions might be in the certificate, though it might cause false warnings about subject CN mismatches. What error is being printed when the server fails to start? What does the error_log say? Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]