Hi,
I have seen the same problem once. I have generated the RAS certificate
using mod_ssl's make certificate utility and choose NOT to encrypt the key,
I got exactly the same problem. But if you choose to encrypt the key when
runing mod_ssl's make certificate utility, you will be fine. If you do not
want to encrypt the key, you can use openssl's CA utility to self-sign a
cert (without key encryption). That should work too. Let me know if that
helps.
Joey
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Neil Aggarwal
Sent: Tuesday, April 24, 2001 4:13 PM
To: [EMAIL PROTECTED]
Subject: Netscape give I/O Exception, IE OK
Hello:
This is really strange.
I am using a test server certificate generated from mod SSL 2.8.2
for apache 1.3.19 on a freshly installed Redhat 7.1 server.
I used the stock openssl (OpenSSL 0.9.6-3) that came with the
installation.
If I connect to https://serverName using Internet Explorer,
everything works fine. I get the dialog box that says that
the certificate is not from a trusted authority and then
when I hit OK, I get the apache test page.
If I try it in Netscape, I get the dialog box about the
certificate name check and then, when I hit continue,
I get another dialog box that states:
An I/O error occurred during security authorization.
Please try your connection again.
I can repeat this as many times as I like, but the exception
always pops up.
Here are some messages in the error_log:
[Tue Apr 24 15:08:28 2001] [notice] Apache/1.3.19 (Unix) mod_jk
mod_ssl/2.8.1 OpenSSL/0.9.6 configured -- resuming normal operations
[Tue Apr 24 15:08:43 2001] [error] mod_ssl: SSL handshake failed (server
www.JAMMConsulting.com:443, client 192.168.1.2) (OpenSSL library error
follows)
[Tue Apr 24 15:08:43 2001] [error] OpenSSL: error:0407106B:rsa
routines:RSA_padding_check_PKCS1_type_2:block type is not 02
[Tue Apr 24 15:08:43 2001] [error] OpenSSL: error:04065072:rsa
routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
[Tue Apr 24 15:08:43 2001] [error] OpenSSL: error:1408B076:SSL
routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad rsa decrypt
Does anyone know what this means and why it is occurring?
Thanks,
Neil.
--
Neil Aggarwal
JAMM Consulting, Inc. -- (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development -- Java, JSP, servlets, databases
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
