Hello All,
I am running:
Server Version: Apache/1.3.6 (Unix) mod_perl/1.19 mod_ssl/2.2.8 OpenSSL/0.9.2b
Server Running On: Sun Ultra Enterprise 2 running SunOS 5.6, 512MB, latest
patches
Basic Problem: Cannot connect via HTTPS.
First of All: I created a temp certificate with my private key and the
HTTPS site works (unknown CA, but works).
Scenario: I got my server.crt back from Verisign. No worky.
Error: My ssl_engine log gives me:
" OpenSSL: error:14080074:SSL routines:SSL3_ACCEPT:bad
protocol version number "
Why I'm asking you all: I followed the FAQ for doing all my comparisons and
the results were wacky.
I tested my server.key verse my server.crt with the method to compare the
entire public modulus and exponent of both. They match exactly. I did: "
openssl rsa -noout -text -in server.key " and " openssl x509 -noout -text
-in server.crt " to test them.
Next I tested my server.csr to my server.key to make sure I submitted the
right request to Verisign, based on the private key I am using. They match
exactly. I did: " openssl req -noout -modulus -in server.csr | openssl
md5 " and " openssl rsa -noout -modulus -in server.key | openssl md5 " to
test them.
Next, I tested my server.crt to my server.key using the shorter method.
They were NOT even close. Totally different. I did: " openssl x509
-noout -modulus -in server.crt | openssl md5 " and " openssl rsa -noout
-modulus -in server.key | openssl md5 " to test them.
I am very confused, as I never thought that the long full compare of my
full public modulus in both the private key and the server certificate
would match and to have the shorter method for comparing the two (piping to
openssl md5) would yield two totally different results. Not a little
different, but as far off as can be.
I assume that there is something totally obvious and simple to resolve
this; or did I just find that one big bug we all never expected to see
(what an honour :)?
At any rate, please help me out with this, it is my last stumbling block,
and like I said, if I simply switch out my server.crt with the certificate
I signed myself at "make" time, the HTTPS will connect just fine (my
servers and clients are geographically dispersed as well, so my
routers/local directors, etc are allowing 443 to that IP and DNS works too).
Thanks for the time,
Brian
---------------------------------
Brian D. Kohl
Chemconnect, Inc.
(Work) 415.364.3328
(Cell) 415.518.9052
---------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
