APM wrote: > Hello, EHLO,
> I'm having a problem every time I used netscape after the
> RA server certificate has been installed on the RA server.
>
> This is what I get when using Netscape 6.2.1 on a windows nt box.
MMMmmmm.... try using Netscape 4.79 or Mozilla instead...
> [Thu Aug 1 12:47:39 2002] [error] mod_ssl: SSL handshake failed (server RAServe
> r.nrns.ca:443, client 10.111.111.76) (OpenSSL library error follows)
> [Thu Aug 1 12:47:39 2002] [error] OpenSSL: error:14094416:SSL routines:SSL3_REA
> D_BYTES:sslv3 alert certificate unknown
>
> This is what I get when using Netscape that comes with redhat 7.3
> [31/Jul/2002 15:14:49 20465] [error] SSL handshake failed (server RAServer.nrns.
> ca:443, client 127.0.0.1) (OpenSSL library error follows)
> [31/Jul/2002 15:14:49 20465] [error] OpenSSL: error:14094412:SSL routines:SSL3_R
> EAD_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not serve
> r name or identical to CA!?]
It seems you issued the certificate for the server with a CN not set to the
URL, i.e. if you want to use a certificate for the server "www.me.org" you
should set the CN=www.me.org field in the certificate so that Netscape does
not complain about it.
> If I use IE, i do not have any problem.
I think IE does not check the cert's DN against the requested URL.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
