hi!
sorry if this is a FAQ, but I did not find any solutions in the archive, so...
I am running Apache/1.3.6 (Unix) mod_ssl/2.3.9 OpenSSL/0.9.3a on Linux.
I installed a X.509v3 - Certificate with a DN of:
Subject: C=DE, ST=Germany, O=Universitaet Karlsruhe, OU=MicroBIT,
[EMAIL PROTECTED]
When I try to connect to the server with Netscape 4.x, everything works fine.
When trying to connect with Netscape 3.x, a box pops up saying:
The servers certificate has an invalid signature.
and my logfile saying:
[26/Jul/1999 13:35:21] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate
not server name!?]
I am sure I followed the settings for mod_ssl and apache correctly.
older certificates (verisign for example with X509v1) are handled
correctly.
I tried the debug-log-mode, but the result is the same (except that it is
packed in a lot more data :-). I cannot use the extended-logfile-variables
since no entry is made. I wonder if mod_ssl can give not only the Hint but
also print out the CN and servername.
Please help. Further information needed?
ciao, ralf
--
Ralf Wigand
http://www.uni-karlsruhe.de/~Ralf.Wigand/
MicroBIT Koordination / Webmaster Uni KA
PGP-Fingerprint: 09 3B 83 DC 16 66 9C 37 B8 CE 85 FD FF B7 80 ED
------------
Eagles fly, but weasels don't get sucked into jet engines.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
