Ok, so a little followup. I found out what the problem was:
The server certificate bundle given to me by my CA contained a SHA1
certificate along with the other SHA256 certificates. Apparently httpd
didn't like that. Removing this certificate from the bundle fixed my
problem.
Hey!
Thanks for getting back to me. Unfortunately that does not seem to be
the problem in my case. :(
On Mon, May 11, 2015 at 09:45:13PM -0500, Theodore Wynnychenko wrote:
> From: Joel Sing
> Sent: Sunday, March 29, 2015 5:13 AM
> Subject: Re: httpd tls - what am i missing?
> Okay, I
Subject: Re: httpd tls - what am i missing?
Okay, I've at least tracked down the source of the problem - your server.pem
file contains the text version of the certificate followed by the PEM encoded
version. The combined size seems to be triggering an issue in httpd -
removing the text versio
I've got the same problem OP has with a freshly generated key and signed
cert from wosign.com on OpenBSD 5.7-stable.
The cert/key work fine with nginx, but with httpd the client simply
times out when trying to open a session with the server.
OpenSSL s_client stops right after connecting to the se
> And, finally:
>
> 4. they DO NOT work when loaded by httpd
>
> I will be the first to admit that I don't really "know" much about
> public key cryptography and how openssl implements things. But, being
> simple, it seems to me that there are really only two possibilities.
>
> Either apache, p
> And, finally:
>
> 4. they DO NOT work when loaded by httpd
>
> I will be the first to admit that I don't really "know" much about
> public key cryptography and how openssl implements things. But, being
> simple, it seems to me that there are really only two possibilities.
>
> Either apache, p
On Fri, 27 Mar 2015 00:56:31 -0500
Theodore Wynnychenko wrote:
> If there is anything else to try, please let me know.
>> Running current:
>> OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Mar 18 18:59:52 MDT 2015
>>dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
A snapshot
> On Thu, 26 Mar 2015 08:30:23 +0100
> mxb wrote:
>
>> >
>> > Thank you for the suggestion. I was not aware of "pound."
>>
>> I?d rather go for relayd. Which is out of the box. No need to install ?yet
>> another port and make sure it is up2date?.
>
> httpd is based on relayd code which would reduc
Is the certificate and key PEM encoded?
Also i would try something like tcpdump while connecting to a new machine
with https.
On Thu, 26 Mar 2015 23:55 Theodore Wynnychenko wrote:
> Quoting Kevin Chadwick :
>
> > On Thu, 26 Mar 2015 08:30:23 +0100
> > mxb wrote:
> >
> >> >
> >> > Thank you for the suggestion. I was not aware of "poun
Quoting Kevin Chadwick :
On Thu, 26 Mar 2015 08:30:23 +0100
mxb wrote:
>
> Thank you for the suggestion. I was not aware of "pound."
I?d rather go for relayd. Which is out of the box. No need to install ?yet
another port and make sure it is up2date?.
httpd is based on relayd code which wou
On Thu, 26 Mar 2015 08:30:23 +0100
mxb wrote:
> >
> > Thank you for the suggestion. I was not aware of "pound."
>
> I’d rather go for relayd. Which is out of the box. No need to install “yet
> another port and make sure it is up2date”.
httpd is based on relayd code which would reduce the scop
On Wed, Mar 25, 2015 at 05:40:11PM GMT, Theodore Wynnychenko wrote:
Hi Theodore,
> So, I checked the certificate:
> openssl x509 -text -noout -in /etc/ssl/server.crt
>
> and I get:
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 1 (0x1)
> Signature Algorithm: s
> On 25 mar 2015, at 23:44, Theodore Wynnychenko wrote:
>
> Thank you for the suggestion. I was not aware of "pound."
Iâd rather go for relayd. Which is out of the box. No need to install âyet
another port and make sure it is up2dateâ.
//mxb
Ah, ok. Sorry for the noise, then. :-)
/Alexander
On March 26, 2015 1:47:00 AM GMT+01:00, trondd wrote:
>On 3/25/15, Alexander Hall wrote:
>> I have a feeling you cannot mix encrypted and plaintext in the same
>block,
>> but I could be wrong.
>>
>> /Alexander
>
>The example in the man page im
Subject: Re: httpd tls - what am i missing?
On 3/25/15, Theodore Wynnychenko wrote:
>
> Is there anything for me to look at/consider in trying to correct this?
>
> Thanks
> Ted
>
>
Here is a working example from my server. Note that I don't bother
with port 80. You
On 3/25/15, Alexander Hall wrote:
> I have a feeling you cannot mix encrypted and plaintext in the same block,
> but I could be wrong.
>
> /Alexander
The example in the man page implies that it will work, also I just
tried it with my config. Seems to be working fine.
Tim.
On March 25, 2015 6:40:11 PM GMT+01:00, Theodore Wynnychenko
wrote:
>Hello again:
>I am still having no luck with https and the new httpd server.
>I am sorry if this is something stupid, but I would really appreciate a
>whack with the clue stick.
>
>As I said originally, http connections work fin
On 3/25/15, Theodore Wynnychenko wrote:
>
> Is there anything for me to look at/consider in trying to correct this?
>
> Thanks
> Ted
>
>
Here is a working example from my server. Note that I don't bother
with port 80. You might want to try without the port 80 listen line to
rule out some config
On Wed, 25 Mar 2015 12:40:11 -0500
>> I took the server.key and server.crt files to an older machine (actually,
>> the one I am trying to replace) that is running 4.9 (I
>> think) and apache.
>
> On Wednesday, March 25, 2015 1:52 PM:
>
>Why not see if you can get it working with pound from packag
On Wed, 25 Mar 2015 12:40:11 -0500
Theodore Wynnychenko wrote:
> I took the server.key and server.crt files to an older machine (actually, the
> one I am trying to replace) that is running 4.9 (I
> think) and apache.
Why not see if you can get it working with pound from packages/ports
(very quic
Hello again:
I am still having no luck with https and the new httpd server.
I am sorry if this is something stupid, but I would really appreciate a whack
with the clue stick.
As I said originally, http connections work fine with openbsd-current, but
https connections never connect.
I have tried
Hello Theodore,
On 23 March 2015 at 19:35, Theodore Wynnychenko wrote:
> Hello
> I think I missing something very obvious, but I have been struggling with
> this for a while, and hope that someone will point out my
> oversight.
>
> Running current:
> OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Ma
Hello
I think I missing something very obvious, but I have been struggling with this
for a while, and hope that someone will point out my
oversight.
Running current:
OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Mar 18 18:59:52 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/R
24 matches
Mail list logo