Hi all, I am having problems using a certificate created with OpenSSL. I have created a PEM certificated with its private key using the next commands: - openssl genrsa -des3 -out Privatekey.pem 1024 - openssl req -new -x509 -key Privatekey.pem -out MyCertificate.pem -days 365 - openssl x509 -hash -in MyCertificate.pem - ren MyCertificate.pem 7cc1966e.0 After this I have run a server with this certificate in the same machine (Windows XP) and from a Solaris9 I have test it with https, to run the server I use: - openssl s_server -cert 7cc1966e.0 -key PrivateKey.pem All the things go well.
After this I have installed the certificate in the Solaris machine in a Java environment (Tomcat) and when I try to connect from inside the machine, with a Netscape, it says me "no common encryption algorithms." If I try with a client on Openssl (in the Windows machine) with this sentence: - openssl s_client -connect 172.22.2.45:20998 -debug I get the next: Loading 'screen' into random state - done CONNECTED(00000770) write to 0xa4e8f8 [0xa4e940] (124 bytes => 124 (0x7C)) 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00 .z....Q... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ 0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../....... 0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................ 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 [EMAIL PROTECTED] 0050 - 00 00 06 04 00 80 00 00-03 02 00 80 fa 78 f7 3e .............x.> 0060 - c0 a6 c3 af 49 85 0f 79-9a c9 2e 41 e3 dc 47 ed ....I..y...A..G. 0070 - f0 9a 94 55 1a 1d cd bc-7d 4a dc 05 ...U....}J.. read from 0xa4e8f8 [0xa53ea0] (7 bytes => 7 (0x7)) 0000 - 15 03 01 00 02 02 28 ......( 4944:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake fa ilure:.\ssl\s23_clnt.c:562: Any idea? I don't know what to do. Thanks in advance, César. -- View this message in context: http://www.nabble.com/Problems-with-ciphers-%28handshake-failure%29-tf2958555.html#a8276567 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
