Full_Name: Claude Gross
Version: 2.4.9
OS: Linux 2.2.12-20smp i386 (redhat 6.1)
Submission from: noyer.grenoble.urec.cnrs.fr (195.220.197.22)
Server: Apache/1.3.9 (Unix) mod_ssl/2.4.9 OpenSSL/0.9.4
I want to use certificate delivered by my own CA.
I have done the following :
- openssl genrsa -out server.key
- openssl req -new -key server.key -out cert.pem
- openssl ca -out server.crt -in cert.pem
I moved the server.key file in conf/ssl.key and server.crt file in conf/ssl.crt
Theses directory are specified in my apache httpd.conf file :
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile conf/ssl.crt/ca-bundle.crt
I have imported my CA certificate in my browser (Netscape 4.6)
When I try to connect to my server, my browser says :
"The certificate is not approved for the attempted application"
and in my error log file :
[Wed Dec 8 17:27:39 1999] [error] mod_ssl: SSL handshake failed (server
kaki.grenoble.urec.cnrs.fr:443, client 195.220.197.22) (OpenSSL library error
follows)
[Wed Dec 8 17:27:39 1999] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in
certificate not server name or identical to CA!?]
With my configuration, if I create a self-signed certificate, all work well.
Where is the problem? Can you help me?
Thank you
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
