On Thu, Mar 11, 1999, Anton Voronin wrote:
> > > On Wed, Mar 10, 1999, glin wrote:
> > >
> > > > Seems to me, according to the message, the certificate is corrupted or
> > > > modified, or signed with a different private key from the ca's. Did you see
> > > > this msg in the server's log? Or in the browser?
> >
> > Nothing appears in the log files but Netscape says: "The server's certificate has
> > an invalid signature. You will not be able to connect to this site securely."
>
> [skip]
>
> > I first thought that it could happen because I used the server key unencrypted or
> > because I left the challenge password blank. But then I tried encripted key and
> > supplied the challenge password while making CSR, but nothing were changed. BTW,
> > I entered all the fields in CA cert the same as in server CSR - could this be a
> > reason?
>
> I finally found that the problem was really caused by the equality of CA
> certificate's and server certificate's identifying fields. I don't know why but this
> ted to digital signature creation failure.
Oh, than it's _this_ old problem. When I remember correctly a few months ago
Tim Hudson described this problem on this list. Look for his name inside the
sw-mod-ssl mailing list archives. AFAIK it has to do with some hashing or
lookup algorithms inside SSLeay/OpenSSL where the two DNs values override each
other.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
