Full_Name: Howie Grapek
Version: 2.6.2
OS: solaris 7
Submission from: (NULL) (216.160.155.185)
Hi, I have mod_perl and php currently working.. now adding mod_ssl...
this is what is happening:
Apache/1.3.12 (Unix) mod_ssl/2.6.2 OpenSSL/0.9.5 PHP/3.0.15 mod_perl/1.21
configured
http protocol works, https gives me many errors.
I have a real verisign key/cert pair installed.
when doing: $ openssl s_client -connect localhost:443 -state -debug
I get the following (after much debug is displayed)
depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
read from 001604D0 [00167BF0] (5 bytes => 0 (0x0))
SSL_connect:failed in SSLv3 read server key exchange A
5997:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:216:
the following is displayed in the ssl_errorlog:
[Tue Mar 21 22:26:15 2000] [notice] Apache/1.3.12 (Unix) mod_ssl/2.6.2
OpenSSL/0.9.5 PHP/3.0.15 mod_perl/1.21 configured -- resuming normal operations
[Tue Mar 21 22:26:20 2000] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Tue Mar 21 22:26:20 2000] [error] System: Broken pipe (errno: 32)
[Tue Mar 21 22:26:25 2000] [error] mod_ssl: SSL handshake failed (server
kw4.knightweb.com:443, client 127.0.0.1) (OpenSSL library error follows)
[Tue Mar 21 22:26:25 2000] [error] OpenSSL: error:1E065406:RSAref
routines:RSAREF_BN2BIN:len
[Tue Mar 21 22:26:25 2000] [error]
my conf file is as follows:
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLMutex file:/www/logs/ssl_mutex
SSLPassPhraseDialog builtin
SSLCipherSuite ALL
SSLCertificateFile /www/conf/ssl.crt/ssl.knightweb.com.crt
SSLCertificateKeyFile /www/conf/ssl.key/ssl.knightweb.com.key
SSLCertificateChainFile /www/conf/ssl.crt/ca-bundle.crt
SSLCACertificatePath /www/conf/ssl.crt/
SSLCACertificateFile /www/conf/ssl.crt/ca-bundle.crt
SSLCARevocationPath /www/conf/ssl.crl/
#SSLCARevocationFile /www/conf/ssl.crl/ca-bundle.crl
SSLVerifyClient require
SSLVerifyDepth 10
SSLSessionCache dbm:/www/logs/ssl_gcache_data
SSLSessionCacheTimeout 600
SSLLog /www/logs/ssl_engine.log
SSLLogLevel error
SSLProtocol all
<VirtualHost _default_:443>
SSLEngine on
ServerName kw4.knightweb.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /www/htdocs-443
<Directory /www/htdocs-443>
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 40
Options Indexes FollowSymLinks ExecCGI Includes
AllowOverride All
</Directory>
</VirtualHost>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
