Tim,
I've just copied our .crt .key and .crl files from our proper
SSL-enabled web server and tried to use them in a VS (allocated the same
domain name) with the same problem. I guess it's not the certificate
that's the problem anyway?
--
Ben
Tim Sellar wrote:
>
> Do a comparison against the openssl.cnf supplied with OpenSSL. If you
> installed OpenSSL via RPM it will be in /etc/ssl/openssl.cnf, source
> installation, /usr/local/etc/ssl/openssl.cnf. Let me know how you progress
> as I am keen to get our SSL support completely solid.
>
> Tim
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Kennish
> > Sent: 04 June 2001 10:06
> > To: [EMAIL PROTECTED]
> > Subject: Re: HTTPS & OpenSSL
> >
> >
> > "strayed?" - makes me sound like a lost sheep! ;-)
> >
> > Cheers for the info, Tim. Could you mail me the original openssl.cnf so
> > that I could have a play with trying to get it to work?
> >
> > Thanks in advance,
> >
> > --
> > Ben Kennish
> >
> > e: [EMAIL PROTECTED]
> > w: www.fubra.com
> >
> >
> > Tim Sellar wrote:
> > >
> > > Ben, you have strayed innocently into new territory... Using VSD CA
> > > generated certificates in browsers is not something I have
> > tried. The VSD CA
> > > is intended to produce certificates and keys for SSL authenticated
> > > communication between VSD servers and clients - in this
> > situation they never
> > > come into contact with IE or Netscape. Having said that, it
> > would obviously
> > > benficial to have the VSD CA producing certificates that can be
> > easily used
> > > for HTTPS. You could even go the whole hog and use certifiate based
> > > authentication for Qpopper (supported on version 4). I hacked
> > quite a bit
> > > out of the openssl.cnf supplied with freeVSD-1.4.8 (compare it
> > to a standard
> > > distribution openssl.cnf to see) and probably removed something which
> > > Netscape would have liked. You need to identify which bits need
> > to go back
> > > in...
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Kennish
> > > > Sent: 31 May 2001 17:03
> > > > To: [EMAIL PROTECTED]
> > > > Subject: HTTPS & OpenSSL
> > > >
> > > >
> > > > I can't seem to set up HTTPS in of my test VS. I have
> > compiled with the
> > > > --with-openssl option.
> > > >
> > > > I have created a certificate for my host server (CA) with vsd-genca
> > > > and one for my vs (vsone) using "vsd-ca_certadd vsone".
> > > >
> > > > But doing https://vsone.office.fubra/ doesn't seem to work (Network
> > > > Error : I/O error with nutscrape.) I've checked through the default
> > > > secure virtual host on the server and it seems OK. I don't
> > get anything
> > > > in Apache's error logs although I do get a few weird looking
> > symbols in
> > > > the access log!
> > > >
> > > > I've tried copying the .crt or .key files that are made on
> > the host from
> > > > vsd-ca_certadd to where Apache is looking for them on the VS but to no
> > > > avail (same error.)
> > > >
> > > > netstat -nat shows that the VS is listening on both 443 and
> > 8443 ports.
> > > >
> > > > Any ideas? Am I missing some vsdadm ca_certadd stuff?
> > > >
> > > > TIA,
> > > >
> > > > --
> > > > Ben Kennish
> > > >
> > > > e: [EMAIL PROTECTED]
> > > > w: www.fubra.com
