I was trapped by the no SSL with name-based virtual hosts as well... has
anyone thought about amending the protocol specification to enable this? ...
back in '95, my company (WebCom, at the time) was at the forefront of
pushing for the HTTP_HOST header to be included in the HTTP 1.1
specification... seems like this would be a similarly logical extension.
Regards,
Thomas Leavitt
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Gotz Babin-Ebell
Sent: Wednesday, February 28, 2001 9:00 AM
To: [EMAIL PROTECTED]
Subject: Re: "key value mismatch" error, but I don't believe it.
Mark Stosberg wrote:
>
> On Tue, 27 Feb 2001, Michelle Govender wrote:
> >
> > normally that error means your private key and certificate file does not
> > match.
> > To test it try using these commands:
> > for the private key:
> > $ openssl rsa -noout -text -in keyfile -modulus
> > for the certficate file:
> > $ openssl x509 -noout -text -in keyfile -modulus
> >
> > If the moduli for the two files are different then you using the
incorrect
> > private key and therefore the certificate will NOT work.
>
> Michelle,
>
> This was a great tip. Thanks. The moduli were in fact different. I'm
> going to re-initiate the signing request with Equifax and see if that
> straightens things out. Thanks.
But you do know you can't use virtual hosts with different host names
with SSL ?
The certificate containing the host name is send in the SSL handshake
and in the SSL handshake we have no Host: line...
By
Goetz
--
Goetz Babin-Ebell, TC TrustCenter GmbH, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
