Ronald, The problem looks like your server SSL certificate does not have your server name say www.yoursite.com as CN="www.yoursite.com" in Subject Name. that is what bother client and server sides are showing in messages and logs. Can you please confirm if this is correct ?
Regards Nauman -----Original Message----- From: Ronald Petty [mailto:[EMAIL PROTECTED] Sent: Monday, June 02, 2003 4:40 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Erro Code: -8182 I get the follow error in my browser "Could not establish an encrypted connection because certificate presented by test.example.dom is invalid or corrupted. Error Code: -8182" when I go to my server via https. I looked in the archive and found black magic like "restart your browser" I tried this spell, and alas, to no avail. This happened to me before and it worked by restarting the browser. Needless to say I don't like the idea of people having to do that. And better when I click on the ok button (even though it is really not ok) I get this in my logs <hit my site via https and get the first error, this shows in the log> [02/Jun/2003 15:25:47 01074] [info] Connection to child 5 established (server test.example.dom:443, client x.x.x.x) [02/Jun/2003 15:25:47 01074] [info] Seeding PRNG with 1160 bytes of entropy <BAM hit OK, then this shows up> [02/Jun/2003 15:29:12 01074] [error] SSL handshake failed (server test.example.dom:443, client x.x.x.x) (OpenSSL library error follows) [02/Jun/2003 15:29:12 01074] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] I have changed the client and the server name for my own security (don't know if it matters). I heard that "CN in certificate not server name or identical to CA!?" means dns is messed up, however DNS is working fine for me (far as I can tell). I can pop/ssh/http to the test.example.dom just fine. (No its not set in my /etc/host) Any idea at what I am doing wrong? I have never done this before so please forgive my newby ways. Thanks Ron ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
