Good Morning.

New user, please bear with me.

We have an application that is currently using OpenSSL 0.9.6c in
conjunction with an Apache server. We've been told we should upgrade
the libraries to 0.9.6k or higher in order to plug the known holes with
this version of OpenSSL. I obtained the 0.9.8a libraries from Shining
Light Productions (www.slproweb.com) as we are a Windows shop (it's
what we have and I have to deal with it :( ). I shut down Apache and
replaced the libeay32.dll, ssleay32.dll, and openssl.exe files from
the 0.9.6c install with the 0.9.8a. Apache now won't start and is
giving me the following error in the Windows Application Event viewer:

[error] mod_ssl: Init <server name:port> Failed to configure CA
certificate chain! <<<
 before the error.log file could be opened.
 More information may be available in the error.log file.   .


From my httpd.conf file, here are the SSL-specific params:

<IfModule mod_ssl.c>
     AddType application/x-x509-ca-cert .crt
     AddType application/x-pkcs7-crl    .crl
     SSLPassPhraseDialog  builtin
     SSLSessionCache         dbm:logs/ssl/ssl_scache
     SSLSessionCacheTimeout  300
     SSLMutex  sem
     SSLRandomSeed startup builtin
     SSLRandomSeed connect builtin
     SSLLogLevel info

     <VirtualHost _default_:443>
     DocumentRoot "D:/Apache/htdocs"
     ServerName <server name>
     ErrorLog logs/ssl/error.log
     SSLEngine on
     SSLCipherSuite HIGH:MEDIUM
     SSLCertificateFile "D:/Apache/conf/ssl.crt/server.crt"
     SSLCertificateKeyFile "D:/Apache/conf/ssl.key/server.key"
     SSLCertificateChainFile "D:/Apache/conf/ssl.crt/intermediate.crt"

     <Files ~ "\.(cgi|shtml|phtml|php?)$">
         SSLOptions +StdEnvVars
     </Files>
     <Directory "D:/Apache/cgi-bin">
         SSLOptions +StdEnvVars
     </Directory>
     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

My question is, did I miss something or do I have to request a new certificate?

Dan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]