Certificate Problems
Title: Certificate Problems I am trying to set up ssl on my server and I have been through what I believe are the correct settings. I can run the command line script 'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get an error message. However when trying to start apache using the startssl switch the following error turns up in the ssl_error_log [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method in request I have also been able to successfully run the command 'curl https://eghapp'. However when I try to run 'https://eghapp' through the browser I get an error saying that the DNS server cannot be found. On checking the nothing gets written to any of the ssl log files. Does anyone know how I can resolve this? Thanks Richard Skeggs Software Engineer Mobius Management Systems Cavendish House 5 The Avenue Egham Surrey TW20 9AB Tel: +44 (0) 1784 484700 Mobile: + 44 (0) 7971 608315 email: [EMAIL PROTECTED]
RE: Certificate Problems
Plain text please... If you got an error in the ssl error-log then apache must be running. The invalid method error is exactly that - the HTTP method wasn't GET, POST etc... What request were you making when you got the error? Cross-check the access log for details... It looks like your certificate common name is localhost.localdomain and this doesn't match the ServerName argument which is what the warning is about. The DNS error means that he browser cannot resolve eghapp to an IP address while curl, apparently, can. No idea why - depends on OS, browser version, config etc. (eg, if the browser goes via a proxy, the proxy will not see a local /etc/hosts definition of eghapp). Tip: if you post back, cut'n'paste exact error messages - do not paraphrase as this loses important information. Also, give OS, apache 1.3 or 2 etc. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. -Original Message- From: Richard Skeggs [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 16. Juni 2004 11:07 To: '[EMAIL PROTECTED]' Subject: Certificate Problems I am trying to set up ssl on my server and I have been through what I believe are the correct settings. I can run the command line script 'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get an error message. However when trying to start apache using the startssl switch the following error turns up in the ssl_error_log [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method in request I have also been able to successfully run the command 'curl https://eghapp'. However when I try to run 'https://eghapp' through the browser I get an error saying that the DNS server cannot be found. On checking the nothing gets written to any of the ssl log files. Does anyone know how I can resolve this? Thanks Richard Skeggs Software Engineer Mobius Management Systems Cavendish House 5 The Avenue Egham Surrey TW20 9AB Tel: +44 (0) 1784 484700 Mobile: + 44 (0) 7971 608315 email: [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
FW: Certificate Problems
Thanks for the response, to explain abit more the error I see in the log file only get written when I start apache using apachactl startssl the message written to ssl_error_log is: [Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:48 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Wed Jun 16 10:59:50 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:50 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? As for the the request I was making it was to simply get the home page of eghapp Using the url http://eghapp:8000 through my browser I get to view the home page of eghapp However https://eghapp:8000 I get the following log message from error_log: [Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid method in request!L!! From access_log: 10.14.2.8 - - [16/Jun/2004:11:07:38 +0100] L 501 1007 Nothing gets written to the ssl message files. The browser returns Cannot find server or DNS Error Internet Explorer I am trying to install ssl on the eghapp server which is a RedHat9 linux box. An extract from the hosts file on eghapp is: 127.0.0.1 localhost loghost 10.14.1.150 eghapp An extract from the httpd.conf file is shown below Listen 8000 NameVirtualHost 10.14.1.150 VirtualHost 10.14.1.150 ProxyPass /esav http://eghsnap1:8081/esav ProxyPassReverse /esav http://eghsnap1:8081/esav ProxyPass /ddrint http://eghsnap2:8081/ddrint ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint ProxyPass /vnc http://eghsnap1:80/vnc ProxyPassReverse /vnc http://eghsnap1:80/vnc ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/html ServerName eghapp ErrorLog logs/error_log CustomLog logs/access_log common #/VirtualHost SSLProtocol -all +SSLv2 SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP SSLCertificateFile /etc/httpd/server.csr SSLCertificateKeyFile /etc/httpd/server.key /VirtualHost For your information I am running Apache 2.0.4.0 IE 6.0.2 Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Boyle Owen Sent: 16 June 2004 10:20 To: [EMAIL PROTECTED] Subject: RE: Certificate Problems Plain text please... If you got an error in the ssl error-log then apache must be running. The invalid method error is exactly that - the HTTP method wasn't GET, POST etc... What request were you making when you got the error? Cross-check the access log for details... It looks like your certificate common name is localhost.localdomain and this doesn't match the ServerName argument which is what the warning is about. The DNS error means that he browser cannot resolve eghapp to an IP address while curl, apparently, can. No idea why - depends on OS, browser version, config etc. (eg, if the browser goes via a proxy, the proxy will not see a local /etc/hosts definition of eghapp). Tip: if you post back, cut'n'paste exact error messages - do not paraphrase as this loses important information. Also, give OS, apache 1.3 or 2 etc. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. -Original Message- From: Richard Skeggs [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 16. Juni 2004 11:07 To: '[EMAIL PROTECTED]' Subject: Certificate Problems I am trying to set up ssl on my server and I have been through what I believe are the correct settings. I can run the command line script 'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get an error message. However when trying to start apache using the startssl switch the following error turns up in the ssl_error_log [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method in request I have also been able to successfully run the command 'curl https://eghapp'. However when I try to run 'https://eghapp' through the browser I get an error saying that the DNS server cannot be found. On checking the nothing gets written to any of the
[Fwd: FW: Certificate Problems]
Thanks for the response, to explain abit more the error I see in the log file only get written when I start apache using apachactl startssl the message written to ssl_error_log is: [Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:48 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Wed Jun 16 10:59:50 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:50 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? As for the the request I was making it was to simply get the home page of eghapp Using the url http://eghapp:8000 through my browser I get to view the home page of eghapp However https://eghapp:8000 I get the following log message from error_log: [Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid method in request!L!! From access_log: 10.14.2.8 - - [16/Jun/2004:11:07:38 +0100] L 501 1007 Nothing gets written to the ssl message files. The browser returns Cannot find server or DNS Error Internet Explorer I am trying to install ssl on the eghapp server which is a RedHat9 linux box. An extract from the hosts file on eghapp is: 127.0.0.1 localhost loghost 10.14.1.150 eghapp An extract from the httpd.conf file is shown below Listen 8000 NameVirtualHost 10.14.1.150 VirtualHost 10.14.1.150 ProxyPass /esav http://eghsnap1:8081/esav ProxyPassReverse /esav http://eghsnap1:8081/esav ProxyPass /ddrint http://eghsnap2:8081/ddrint ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint ProxyPass /vnc http://eghsnap1:80/vnc ProxyPassReverse /vnc http://eghsnap1:80/vnc ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/html ServerName eghapp ErrorLog logs/error_log CustomLog logs/access_log common #/VirtualHost SSLProtocol -all +SSLv2 SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP SSLCertificateFile /etc/httpd/server.csr SSLCertificateKeyFile /etc/httpd/server.key /VirtualHost For your information I am running Apache 2.0.4.0 IE 6.0.2 Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Boyle Owen Sent: 16 June 2004 10:20 To: [EMAIL PROTECTED] Subject: RE: Certificate Problems Plain text please... If you got an error in the ssl error-log then apache must be running. The invalid method error is exactly that - the HTTP method wasn't GET, POST etc... What request were you making when you got the error? Cross-check the access log for details... It looks like your certificate common name is localhost.localdomain and this doesn't match the ServerName argument which is what the warning is about. The DNS error means that he browser cannot resolve eghapp to an IP address while curl, apparently, can. No idea why - depends on OS, browser version, config etc. (eg, if the browser goes via a proxy, the proxy will not see a local /etc/hosts definition of eghapp). Tip: if you post back, cut'n'paste exact error messages - do not paraphrase as this loses important information. Also, give OS, apache 1.3 or 2 etc. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. -Original Message- From: Richard Skeggs [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 16. Juni 2004 11:07 To: '[EMAIL PROTECTED]' Subject: Certificate Problems I am trying to set up ssl on my server and I have been through what I believe are the correct settings. I can run the command line script 'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get an error message. However when trying to start apache using the startssl switch the following error turns up in the ssl_error_log [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method in request I have also been able to successfully run the command 'curl https://eghapp'. However when I try to run 'https://eghapp' through the browser I get an error saying that the DNS server cannot be found. On checking the nothing gets written to any of
Again: License of ca-bundle.crt
Hello, I am packaging sole ca-bundle.crt for Fink. http://sourceforge.net/tracker/index.php?func=detailaid=928157group_id=17203atid=414256 Fink package system has License field. I must fill it. What is the license of sole ca-bundle.crt? Mod_ssl license? Or nothing like license? I sent before but no response except vacation. Before clarifying it I can't take any action. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Again: License of ca-bundle.crt
On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote: Hello, I am packaging sole ca-bundle.crt for Fink. http://sourceforge.net/tracker/index.php?func=detailaid=928157group_id=17203atid=414256 Fink package system has License field. I must fill it. What is the license of sole ca-bundle.crt? Mod_ssl license? Or nothing like license? It's a tricky legal question, I think. The original source of the ca-bundle.crt was a database shipped with the Netscape browser. It's possible to derive a new ca-bundle.crt from the Mozilla source code, which is what Debian do in their ca-certificates package. Debian say that the resultant CA certificate bundle is licensed under the MPL, as its source in Mozilla is. But can a database be copyrighted? Can a database made up of copies of necessarily-public CA certificates published by third parties be copyrighted? It is somewhat lacking in originality, which is one of the requirements for US copyright law to apply, at least. You may be better of asking a lawyer, unfortunately! joe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
