Success! I finally found out what my problem was. I was using the
example nsd.tcl config file and found the line that was the problem.
Towards the bottom, it checks for the existence of the keyfile and the
certfile, if they exist it sets the following param:
ns_param nsssl ${binddir}/${sslmodule}
It shoud be:
ns_param nsopenssl ${bindir}/${sslmodule}
I thought that 'nsssl' was some reserved word for SSL support, but I
was wrong.
Once I punched a hole in my firewall, everything worked like a charm.
Scott Goodwin wrote:
>
> It shouldn't matter. I tested your cert on my system running OpenSSL
0.9.6
> and it worked, so I doubt it's the version you generated it with. Check
file
> permissions and make sure you've put the .pem's in the
> server/<servername>/modules/nsopenssl directory. Also check to make sure
> you've only put the cert.pem and key.pem in the nsd.tcl file, instead of
a
> relative path with dir components. It may not be finding the files at
all,
> or may not have ownership/perms to view the files.
>
> /s.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tony Wells
> Sent: Tuesday, May 15, 2001 4:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Your cert and key
>
> God bless Netscape's mail client for adding those \r's to the file. I
> checked the originals I sent you with 'od -c' and there were only \n's
> in there.
>
> So it worked for you? I created that cert/key before I upgraded my
> OpenSSL kit, so I'll try and generate another one and see if it's a
> version compatibility thing.
>
> I'll let you know what I find out...
>
> > Goodwin Scott S Civ 96 CG/SCTOB wrote:
> >
> > Tony, your certificate works fine for me. Check one thing for me
> > with yours: I sometimes find that someone has cut and pasted their
> > cert and key using a Microsoft product. DOS uses CR and LF, where
> > Unix only uses LF. I have to edit the file in vi, do a:
> >
> > :1,$ s/^M//g
> >
> > to get rid of the DOS crap. If you change anything from the BEGIN
> > KEY or BEGIN CERT to the END line, it won't work. The ^M's on the
> > line ends become part of the certificate and key, so it fails.
> >
> > I've attached your cert and key with the ^M's taken off. Try these.
> >
> > If this turns out to be the problem, please post a response to the
> > discussion group so all know what happened. If not, we'll take it a
> > step further and use the ssl-platform to compile and test with.
> >
> > /s.
> >
> > ________________________________________
> > Scott S. Goodwin
> > Chief, Information Technology Section
> > 96th Communications Group
> > 201 West Eglin Blvd, Suite 255, Eglin AFB, FL 32542
> > Commercial: 850-882-4070 DSN: 872-4070
> > mailto:[EMAIL PROTECTED]
> >
> >
> >
> > Name: tcert.pem
> > tcert.pem Type: unspecified type (application/octet-stream)
> > Encoding: quoted-printable
> >
> > Name: tkey.pem
> > tkey.pem Type: unspecified type (application/octet-stream)
> > Encoding: quoted-printable
