On Wed, Jun 18, 2014 at 07:07:25AM -0700, Nelson wrote:
> Apache was upgraded with openssl as well as mod_ssl.
You need to read the documentation, release notes, ... and determine
any changes in policy or supported algorithms in the updated release.
My best guess is that this release objects to MD5 signatures in
certificates. Another possibility is that using a FIPS-capable
OpenSSL in FIPS mode (this too disables MD5 I think...).
> Haven't ever tested a certificate before, but I tried:
>
> openssl s_server -accept 7569 -cert /home/ssl/client-cert.pem -key
> /home/ssl/client-key.pem -CAfile /home/ssl/ca_master
You need to use either the "-verify" or the "-Verify" option to
request or demand client certificates. The sever should be using
the server certificate, not the client certificate.
Then use s_client with a suitable certificate.
> Signature Algorithm: md5WithRSAEncryption
MD5 could be the issue.
--
VIktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
