Digging deeper, I realized I had overlooked an error in the "openssl s_client" output:
verify error:num=19:self signed certificate in certificate chain Will this help? openssl verify -CApath /usr/local/apache/conf/ca-bundle/ -CAfile /usr/local/apache/conf/ca-bundle/ca.txt I'm not sure if this is what I should be doing. ----- Original Message ----- From: "Joe Dames" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 18, 2002 10:28 AM Subject: log shows connection from server, but then can't connect from internet client > Hello fellow humans! > > > I am trying desperately to discover the new skill of installing an SSL > certificate on an Apache server which is (hopefully) SSL enabled. > > .I start the server: > /usr/local/apache/bin/apachectl startssl > It starts cleanly! (I think) > http://molions.com/joe/apache-ssl_error_log.txt > > .No my problems are uncovered. I can connect to port 443 on my virtual server > while using the openssh s_client tool at my servers shell. I cannot, however, > do a normal client connection from another machine's web browser (netscape, IE, > Opera, --all new versions). I have read high and low, and have learned a great > deal, but still am at a loss of what is wrong. I have compiled all of the > variables that I have found to have a direct effect upon the operation of ssl > and included them below for your expert opinions. > > .I believe I have accomplished some level of success as evidenced by this > ssl_engine_log snip > http://molions.com/joe/ssl_engine_log_snip.txt > I am concerned about the whole "Init: 1st startup round (still not detached)" > bit in the ssl_engine_log. I don't understand why it must go through 2 startup > rounds. Is this a problem? > > .When I run curl secure.mydomain.com:443 from the ssl server, it spits out all > of the html. But I am having no success having a client browser on another > machine connect to port 443 on this virtual server. > > .Here is what I get when I run the command: "openssl s_client -connect > secure.mydomain.com:443 -state" > http://molions.com/joe/openssl-s_client_-connect.txt > (I've changed the names to protect the innocent ;) > > .Here are my httpd.conf ssl tidbits > http://molions.com/joe/httpd.conf.tidbits.txt > > > .Here is some of my directory proof that the files are there and who can do what > with them > http://molions.com/joe/ssl_directory_structure.txt > > > > If I have configured something totally wrong (I'm sure), please tell me. I > realize I still have so much to learn. Any help at all will be immensely > appreciated. > > Joe Dames > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
