Sorry if this has been asked before but I could not find any archives
of this list around.
Moving a site from an old Stronghold DEC UNIX Alpha server to a
Solaris 2.6 server running....
Apache/1.3.6 (Unix) ApacheJServ/1.0 PHP/3.0.9 mod_perl/1.19
mod_ssl/2.3.1 OpenSSL/0.9.3a.
The site in question uses SSL and everything works just fine for
recent MS and NS browsers. The problem is with MS and NS 3.X
browsers which give errors like this...
(Netscape 3.01)
The security library has experienced a databas error
You will probably be unable to connect to this site securely.
The log files show the
following....
Virtual client Logs
===================
[Fri Jul 30 14:23:55 1999] [error] mod_ssl: SSL handshake failed
(client 206.63.69.2, server www.timetunnel.com:443)
(OpenSSL library error follows)
[Fri Jul 30 14:23:55 1999] [error] OpenSSL: error:14094412:
SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
[Hint: Subject CN in certificate not server name!?]
ssl_engine_log
==============
[30/Jul/1999 13:30:34] [info] Init: Configuring server www.timetunnel.com:443
for SSL protocol
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443)
Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443) Configuring
permitted SSL ciphers
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443) Configuring
client authentication
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way/O=Time Tunnel, Inc.
/OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way
/O=Time Tunnel, Inc.
/OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443)
Configuring RSA server certificate
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443)
Configuring RSA server private key
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way
/O=Time Tunnel, Inc./OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way
/O=Time Tunnel, Inc./OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:37:32] [info] Connection to child 9 established
(server www.timetunnel.com)
A dump of the certificate shows no obvious problems.
Any help or pointers on why older browsers are having problems
connecting to Apache/mod_ssl would be most appreciated. Thanks.
--
Tim Rosmus <[EMAIL PROTECTED]>
Postmaster / USENET / DNS
WinStar Northwest Nexus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
