Problem:
An Unix Apache/mod-ssl server .crt/.key pair
generated from a .csr/.key signed by a self
generated CA Cert on 32 bit Windows will not work
with the Netscape 4.72 client running on Linux
Redhat 6.2.
However the same .csr/.key signed by the same
self generated CA Cert on Redhat 6.2 Linux will
work. It will also work with the Microsoft
Explorer 5.50.4522.1800 running on Windows 98,
regardless of where the .crt/.key pair was signed.
The Netscape client fails with the message
"OpenSSL: error:14094412: SSL
outines:SSL3_READ_BYTES:sslv3 alert bad
certificate" in the apache log file.
It would appear that the Windows based OpenSSL ca
program is not consistant with the Unix based
OpenSSL ca program.
Conditions:
Apache WWW server with mod-ssl (mod_ssl-2.7.1-
1.3.14) running
on Linux Redhat 6.2.
Latest OpenSSL SNAP (same results with 0.9.6)
Netscape client 4.72 running on Linux Redhat 6.2
Microsoft Windows Explorer 5.50.4522.1800 on
Windows 98
In all cases the .crt/.key pair is a 1024 bit RSA
key.
The openssl.cnf file is identical on the
Windows/Linux systems.
Has anyone else seen this behavior and have found
a solution?
Ken
__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
