The problem was solved by having a different description for the certifying auth.
Got it from one of the mails in the list. It's working!

Thanks
NKN


----Original Message Follows----
From: Naresh Narang <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Installation of mod_ssl
Date: Mon, 29 Nov 1999 17:04:46 +0530

Hello

     I've followed all the steps for installation of mod_ssl and a mod_ssl
enabled httpd was created. It is listening on port 443. The problem is
with the server certificate. While generating the self-signed certificate, as
per the procedure given in the FAQ, everything went OK except at the end of
the script "sign.sh", when there was an error message saying that the
certificate could not be verified with the self-generated ca.crt! Although
it has generated the server.crt certificate file and it verifies with
the private key.

Various messages are as follows:
--------------------

File: ssl_engine_log
Message:

verify error:num=18:self signed certificate
verify return:1
depth=0
/C=IN/ST=Delhi/L=Delhi/O=AIR/OU=EDP/CN=hostname.domain/Email=name@domain

verify error:num=7:certificate signature failure
verify return:1
depth=0
/C=IN/ST=Delhi/L=Delhi/O=AIR/OU=EDP/CN=hostname.domain/Email=name@domain

verify return:1
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
18690:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
18690:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:394:
18690:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1
object call:a_verify.c:106:
18690:error:140900F7:SSL routines:SSL3_GET_SERVER_CERTIFICATE:unknown
certificate type:s3_clnt.c:793:

---------------
File: error_log
Message:

[Nov 29 15:51:03 1999] [error] mod_ssl: SSL handshake failed (server
hostname.domain:443, client 172.16.1.59) (OpenSSL library error follows)

[Mon Nov 29 15:51:03 1999] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN
in certificate not server
name or identical to CA!?]
------------------------

Tail message of the command:
#openssl s_client -connect hostname.domain:443 -state -debug

It gets connected to the server and prints a lot of numbers followed by
this:


connection to child 0 established (server hostname.domain:443, client
172.16.1.59)
[29/Nov/1999 15:51:03 18683] [error] SSL handshake failed (server
hostname.domain:443, client 172.16.1.59) (OpenSSL library error follows)

[29/Nov/1999 15:51:03 18683] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN
in certificate not server name or identical to CA!?]
[29/Nov/1999 15:52:29 18685] [info]  Connection to child 2 established
(server hostname.domain:443, client 172.16.1.1)
[29/Nov/1999 15:52:29 18685] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]
[29/Nov/1999 15:54:00 18684] [info]  Connection to child 1 established
(server hostname.domain:443, client 172.16.1.1)
[29/Nov/1999 15:54:00 18684] [info]  Spurious SSL handshake
interrupt[Hint: Usually just one of those OpenSSL confusions!?]

---------------------

The error shows CN in certificate not identical to CA, but this is not
the problem. They are the same.
On the Netscape 4.05 browser it says, "The server's certificate has an
invalid signature. You will not be able to connect to this site
securely." And finally nothing happens on the browser.

Could someone please tell me what the problem is?

Thanks

N.K. Narang
New Delhi
[EMAIL PROTECTED]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
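
Added example (not part of the original messages or of mod_ssl): the fix reported at the top of this thread and the mod_ssl hint in the log both concern the certificate names, so this sketch checks a CA subject and a server subject, given in the one-line /C=.../CN=... form seen in the log, for those two conditions before signing. The function names, problem codes and sample DNs are assumptions constructed for illustration.

```python
# Added example: pre-signing check for the two conditions named in the
# mod_ssl hint. DN strings use the one-line form seen in the log (/C=IN/...).
import re

def parse_dn(oneline):
    """Split '/C=IN/O=AIR/CN=host' into [('C','IN'), ('O','AIR'), ('CN','host')]."""
    rdns = []
    # Split on '/' only where it starts a new 'KEY=', so values may contain '/'.
    for part in re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", oneline.strip()):
        if not part:
            continue
        key, _, value = part.partition("=")
        rdns.append((key.strip(), value.strip()))
    return rdns

def normalize(rdns):
    """Case-fold and collapse whitespace so near-identical DNs compare equal
    (a deliberately conservative comparison; an assumption of this example)."""
    return [(k.upper(), " ".join(v.split()).casefold()) for k, v in rdns]

def check_names(ca_subject, server_subject, hostname):
    """Return a list of problem codes; an empty list means both checks pass."""
    ca, srv = parse_dn(ca_subject), parse_dn(server_subject)
    problems = []
    # After signing, the server cert's issuer is the CA subject. If that
    # equals the server subject, the cert appears self-signed (error 18) and
    # its signature is checked against its own key, which fails (error 7).
    if normalize(ca) == normalize(srv):
        problems.append("SUBJECT_IDENTICAL_TO_CA")
    cns = [v for k, v in srv if k.upper() == "CN"]
    if not cns or cns[-1].casefold() != hostname.casefold():
        problems.append("CN_NOT_SERVER_NAME")
    return problems

# Constructed sample DNs modelled on the log above (not real certificates).
SERVER = "/C=IN/ST=Delhi/L=Delhi/O=AIR/OU=EDP/CN=hostname.domain/Email=name@domain"
CA_SAME = SERVER
CA_DISTINCT = "/C=IN/ST=Delhi/L=Delhi/O=AIR/OU=EDP CA/CN=AIR Test CA/Email=name@domain"

if __name__ == "__main__":
    print(check_names(CA_SAME, SERVER, "hostname.domain"))
    print(check_names(CA_DISTINCT, SERVER, "hostname.domain"))
```
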
