On 2015-12-01 21:51, Krzysztof Strzeszewski wrote:
Sorry, I'm a beginner. I know my message was not logical.


uname -a:
#----------------------------------------------------------------------------
OpenBSD hostname 5.8 GENERIC#0 i386
#----------------------------------------------------------------------------


virtual server in httpd.conf:
#----------------------------------------------------------------------------
server "hostname" {
        listen on * port 80
        listen on * tls port 443
        log { access "access.log", error "error.log" }
        tls { certificate "/etc/ssl/server.crt" key 
"/etc/ssl/private/server.key" }
        root "/htdocs/hostname"
}
#----------------------------------------------------------------------------


ports 80 and 443 are open:
# netstat -a |grep http
#----------------------------------------------------------------------------
tcp     0       0       localhost.https *.*     LISTEN
tcp     0       0       *.https         *.*     LISTEN
#----------------------------------------------------------------------------


in firefox:
#----------------------------------------------------------------------------
Secure Connection Failed

An error occurred during a connection to my_domain. Cannot communicate
securely with peer: no common encryption algorithm(s). (Error code:
ssl_error_no_cypher_overlap)
#----------------------------------------------------------------------------


in log from httpd:
#----------------------------------------------------------------------------
httpd: could not parse macro definition SSL
httpd[21336]: server_tls_init: failed to configure TLS - failed to read
private key: Operation not supported by device
#----------------------------------------------------------------------------

Check the following;

1) Does private key match certificate? Verify this like so
(should result in two exact same sha512 strings);
# openssl x509 -noout -modulus -in server.pem | openssl sha512
# openssl rsa -noout -modulus -in server.key | openssl sha512

2) Is httpd allowed to read key file?
# ls -lhart /etc/ssl/server.crt
# ls -lhart /etc/ssl/private/server.key

3) Check with browser random x on random other operating system y.
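
Checks 1 and 2 from the reply above combined into one script, as an added example that is not part of the original thread. The function names are hypothetical; it compares the public keys rather than the RSA modulus, so it goes beyond the reply by also covering EC keys, and it assumes the stricter policy that the key file should not be accessible to group or other.

```shell
#!/bin/sh
# Added example: pre-flight checks for a certificate/key pair.
# Usage: sh check_pair.sh /etc/ssl/server.crt /etc/ssl/private/server.key

# PEM public key embedded in the certificate (empty on parse failure).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key derived from the private key (RSA or EC).
# An empty passphrase is supplied so an encrypted key fails instead of prompting.
key_pubkey() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null </dev/null; }

# Return 0 if group and other have no access (e.g. mode 0600 or 0400).
key_mode_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return codes: 0 pair is consistent, 1 key does not belong to the certificate,
# 2 a file is unreadable or unparseable, 3 key file is group/world accessible.
check_tls_pair() {
    cert=$1 key=$2
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f as $(id -un)" >&2; return 2; }
    done
    cpub=$(cert_pubkey "$cert")
    [ -n "$cpub" ] || { echo "$cert: not a parseable certificate" >&2; return 2; }
    kpub=$(key_pubkey "$key")
    [ -n "$kpub" ] || { echo "$key: not a parseable unencrypted key" >&2; return 2; }
    [ "$cpub" = "$kpub" ] || { echo "key does not match certificate" >&2; return 1; }
    key_mode_private "$key" || { echo "$key is accessible to group/other" >&2; return 3; }
    echo "ok: $key matches $cert"
}

# Run against the two paths given on the command line, if any.
if [ $# -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Run it as the user that starts httpd, since the readability test only reflects the permissions of whoever runs it.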
