> Could you retry with openssl s_client in full debug mode ?
Here it is, for me it's like Chinese:
[arcade2]# openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem -key cl_key.pem -state -debug
Enter PEM pass phrase:
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08156A30 [08157E98] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 61 bf 17 f2 ............a...
0060 - 3c c8 5d 69 0a 5c d9 28-e6 9c fe 89 bc 0b 53 13 <.]i.\.(......S.
0070 - 63 4d 3e 55 27 4d 38 86-5c 78 a8 e2 cM>U'M8.\x..
SSL_connect:SSLv2/v3 write client hello A
read from 08156A30 [0815D3F8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
1754:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:453:
> Could you retry with openssl s_client in full debug mode ?
>
> -
> Henri Gomez ___[_]____
> EMAIL : [EMAIL PROTECTED] (. .)
> PGP KEY : 697ECEDD ...oOOo..(_)..oOOo...
> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
>
>
>
> >-----Original Message-----
> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, June 15, 2001 12:21 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: SSL handshake failure URGENT
> >
> >
> >So, everything seems to be well configured, but I always get this
> >handshake error, what could be the problem in that case ?
> >
> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem
> >-key cl_key.pem -state
> >Enter PEM pass phrase:
> >CONNECTED(00000003)
> >SSL_connect:before/connect initialization
> >SSL_connect:SSLv2/v3 write client hello A
> >SSL3 alert read:fatal:handshake failure
> >SSL_connect:error in SSLv2/v3 read server hello A
> >
> >
> >> >ok now it's done, but same error
> >> >HandShake Failure
> >> >
> >> >I made the new server request, the new server certification,
> >> >the new server x509 conversion, and the new server into tomcat
> >> >keystore importation
> >> >
> >> >(I send you the new server certificate)
> >> >
> >> >must we also replace the CN of the client ? (I didn't do it)
> >> >maybe the CN of the CA ?
> >> >
> >> CN of your client could be what you want....
> >>
> >> >
> >> >> The problem is in the CN of the server cert :
> >> >>
> >> >> replace CN=server by CN=thehostname !!!
> >> >>
> >> >> Certificate:
> >> >> Data:
> >> >> Version: 3 (0x2)
> >> >> Serial Number: 2 (0x2)
> >> >> Signature Algorithm: md5WithRSAEncryption
> >> >> Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, OU=UNIT, CN=ca
> >> >> Validity
> >> >> Not Before: Jun 14 08:47:55 2001 GMT
> >> >> Not After : Jun 14 08:47:55 2002 GMT
> >> >> Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server
> >> >> Subject Public Key Info:
> >> >> Public Key Algorithm: rsaEncryption
> >> >> RSA Public Key: (1024 bit)
> >> >> Modulus (1024 bit):
> >> >> Exponent: 65537 (0x10001)
> >> >> X509v3 extensions:
> >> >> X509v3 Basic Constraints:
> >> >> CA:FALSE
> >> >> Netscape Comment:
> >> >> OpenSSL Generated Certificate
> >> >> X509v3 Subject Key Identifier:
> >> >> 44:3C:48:E2:82:B6:77:02:B1:90:84:D3:B0:CD:0C:18:6E:81:9F:7E
> >> >> X509v3 Authority Key Identifier:
> >> >> keyid:85:64:41:58:57:5F:91:5E:E1:A7:85:6B:CB:B7:F4:03:C4:F9:A8:31
> >> >>
> >> >> DirName:/C=FR/ST=France/L=Genvilliers/O=THE_ORG/OU=UNIT/CN=ca
> >> >> serial:00
> >> >>
> >> >> Signature Algorithm: md5WithRSAEncryption
> >> >>
> >> >>
> >> >>
> >> >> -
> >> >> Henri Gomez ___[_]____
> >> >> EMAIL : [EMAIL PROTECTED] (. .)
> >> >> PGP KEY : 697ECEDD ...oOOo..(_)..oOOo...
> >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
> >> >>
> >> >
> >> >
> >> >__________________________________________________
> >> >Voila offers you a free mailbox on Voila Mail:
> >> >http://mail.voila.fr
> >> >
> >> >
> >>
> >
> >
> >
> >
>
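Added example, not part of the original messages: a Python decoder for the two records in the s_client -debug output above, showing that the client sent an SSLv2-compatible ClientHello and that the server's 7-byte reply is a fatal handshake_failure alert arriving where the ServerHello was expected. The function names and the shortened alert table are this example's own; the two sample rows are copied from the debug output in the message.

```python
import re
import struct

# Rows copied from the debug output above: the first row of the 124-byte
# write (ClientHello) and the whole 7-byte read (the server's reply).
HELLO_ROW = "0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... ....."
ALERT_ROW = "0000 - 15 03 01 00 02 02 28 ......("

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the TLS 1.0 alert descriptions (RFC 2246, section 7.2).
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate", 48: "unknown_ca"}

def dump_to_bytes(rows):
    """Turn 'offset - hex bytes ascii' rows into raw bytes (max 16 per row)."""
    out = bytearray()
    for row in rows:
        hex_part = row.split(" - ", 1)[1].replace("-", " ")
        for tok in hex_part.split()[:16]:
            if not re.fullmatch(r"[0-9a-f]{2}", tok):
                break  # reached the ASCII column of a short row
            out.append(int(tok, 16))
    return bytes(out)

def parse_v2_client_hello(data):
    """Decode the 11-byte header of an SSLv2-compatible ClientHello."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    msg_type, major, minor, ciphers, sid, challenge = struct.unpack(">BBBHHH", data[2:11])
    if msg_type != 1:
        raise ValueError("not a CLIENT-HELLO")
    return {"record_length": rec_len, "max_version": (major, minor),
            "cipher_specs": ciphers // 3, "session_id_length": sid,
            "challenge_length": challenge,
            # 9 fixed bytes follow the length field, then the variable parts
            "lengths_consistent": rec_len == 9 + ciphers + sid + challenge}

def parse_alert(data):
    """Decode a TLS record that carries a plaintext alert."""
    if len(data) < 7:
        raise ValueError("too short for an alert record")
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    if ctype != 21 or length != 2:
        raise ValueError("not a plaintext alert record")
    return {"version": (major, minor),
            "level": ALERT_LEVELS.get(data[5], data[5]),
            "description": ALERT_DESCRIPTIONS.get(data[6], data[6])}

if __name__ == "__main__":
    print(parse_v2_client_hello(dump_to_bytes([HELLO_ROW])))
    print(parse_alert(dump_to_bytes([ALERT_ROW])))
```

Passing all eight rows of the 124-byte write to dump_to_bytes recovers the full message; the header says the bytes after it are 27 three-byte cipher specs followed by a 32-byte challenge.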