Ok, I made it past the cert signing by creating self-signing a cert to at
least get the thing up and running.
Now when I try and connect, it just hangs. The two debugging steps I tried
were telnetting to 443 on the host, and to run the openssl command with the
debug arg. Output follows
***
root # telnet tribble.rose.hp.com 443
Trying...
Connected to tribble.rose.hp.com.
Escape character is '^]'.
GET /index.html HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 29 Oct 1999 19:11:03 GMT
Server: Apache/1.3.9 (Unix) mod_perl/1.21 mod_ssl/2.4.5 OpenSSL/0.9.4
Last-Modified: Tue, 24 Aug 1999 23:32:38 GMT
ETag: "f03-af0-37c32b96"
Accept-Ranges: bytes
Content-Length: 2800
Connection: close
Content-Type: text/html
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; HP-UX B.11.00
9000/813) [Netscape]">
<title>Test Page for Apache Installation on Web Site</title>
<!-- Background white, links blue (unvisited), navy (visited), red (active)
-->
</head>
<body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080"
alink="#FF0000">
<center>
<h1>
Welcome to OpenView Web Roseville</h1></center>
****************
I also tried to use the openssl app to debug it:
openssl s_client -connect tribble.rose.hp.com:443 -state -debug
CONNECTED(00000004)
SSL_connect:before/connect initialization
write to 4003E7F0 [4004F780] (109 bytes => 109 (0x6D))
0000 - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .k....B... .....
0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 ................
0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 ................
0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 .......@........
0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 3f 40 77 .............?@w
0050 - 32 ae 82 f9 49 64 5b b9-f6 7b 3a 18 5c 01 ac 8d 2...Id[..{:.\...
0060 - cc af a3 22 04 d4 1a 83-3c d4 e2 27 c4 ..."....<..'.
SSL_connect:SSLv2/v3 write client hello A
read from 4003E7F0 [40054CE0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
9494:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:450:
****
Versions of stuff:
HP/UX 11.0 on a 9000/813/D330
Apache/1.3.9
mod_perl/1.21
mod_ssl/2.4.5
OpenSSL/0.9.4
Errors encountered:
When signing my own cert, I got:
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt:
/C=US/ST=California/L=Roseville/O=HP/OU=ASMD/CN=tribble.rose.hp.com/Email=th
[EMAIL PROTECTED]
error 7 at 0 depth lookup:certificate signature failure
And in the apache erorr_log:
[Fri Oct 29 12:26:14 1999] [notice] Apache/1.3.9 (Unix) mod_perl/1.21
mod_ssl/2.4.5 OpenSSL/0.9.4 configured -- resuming normal operations
[Fri Oct 29 12:29:19 1999] [error] [client 15.8.152.187] Invalid method in
request +
Any clues?
Thanks!
Thom Fitzpatrick, Sr. Unix Administrator
HP OpenView Performance Technology Center
(916) [EMAIL PROTECTED]
SSL_connect error & why doesn't https work for me
FITZPATRICK,THOM (Non-HP-Roseville,ex1) Fri, 29 Oct 1999 15:46:19 -0700
Thom.vcf- mail recipient james-wright@deshaw... FITZPATRICK,THOM (Non-HP-Roseville,ex1)
- mail recipient james-wright@d... nobody
- mail recipient james-wrig... nobody
- mail recipient james-... nobody
- mail recipient ja... nobody
- Re: SSL_connect error & w... Bodo Moeller
