On Wed, Feb 18, 2004 at 11:37:17AM +0000, Huw Jenkins wrote:
> >> I know the cert's are OK. Definitely! I've been getting new ones off
> >> Geotrust (the techies there are really helpful!) and I've used everyway
> >> under the sun to input them. Still won't work tho. So I'm thinking the
> >> problem lies somewhere else! Anyone got any idea what could be going wrong?
> >
> > The error message indicates, that the contents of the certificate cannot
> > be correctly parsed. You should be able to verify this with the
> > openssl command line tool:
> > openssl x509 -in /etc/httpd/ssl.key/royal.crt -text
> > If the certificate is ok, you should see its contents here. But as the
> > tool is using the same routines as mod_ssl...
> >
> > Best regards,
> > Lutz
>
> Having done this I've noticed that all the new files I have received from
> GeoTrust have the same result. I'm assuming that they can't all be bad!
> Therefore after many days of trying everything I must resort to the thought
> that my mod_ssl version and apache version are not right. I personally
> haven't updates either since I got another site working on that machine. But
> at this stage I can't rule anything out. Just quickly, how do I find out
> what version of apache and mod_ssl I'm running? I know that modssl.org will
> tell me what I need to know with regard to what is compatible with what. I
> just need to know what I'm running. Also does openssl have to be a correct
> version? If so how do I find that out?
I am not completely sure that I understand your results. I assume that you
mean: "yes, openssl x509 .. also fails".
I am not familiar with MacOS X. Apache and mod_ssl (version to be found in
the logfile when starting) actually do call openssl's libraries for the
certificate handling, so the problem should be in the OpenSSL version
installed. (See "openssl version" for version information.)
The problem seems to be with the certificates which do carry public information,
so that you could post them so that other people can investigate
them and report.
Even better: if the problem can be reproduce with openssl alone, do post
your problem to the [EMAIL PROTECTED] mailing list.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
