RE: SSL handshake failure URGENT

Wed, 20 Jun 2001 08:44:39 -0700 

> I use Linux RedHat 7, but it seems that SSL options was not taken in
> account with default launching of httpd (with httpd start) so I made
> first some modifications of httpd conf (specially putting on comment
> the
> <ifDefine SSL> tags to make it taken in account, and made some
> mistakes
> maybe cause httpd will not launch now :-)

On Redhat 7.0 you didn't have to use my apache-mod_ssl since you
allready have a apache built with mod_ssl. May be only to install
mod_ssl.

> I (true)hope so that the packages I download from your site are the
> good
> ones (tomcat-3.2.2-1.noarch.rpm and
> apache-mod_ssl-1.3.20.2.8.4-2.i386.rpm) even if I was surprised that
> apache-mod_ssl-1.3.19.2.8.3-1.i386.rpm was bigger (1.6M) than the next
> version apache-mod_ssl-1.3.20.2.8.4-2.i386.rpm (879k)
> 
> I will give you wedensday the next episod of my
> SSL/Linux/tomcat/apache
> adventure.
> 
> > PS: Did you have a Linux boxes, I've packaged easy to use 
> >     RPM which will let you install apache-mod_ssl, tomcat and 
> >     mod_jk in less than 30 mins....
> > 
> > http://www.falsehope.com/ftp-site/home/gomez/apache-mod_ssl/
> > http://www.falsehope.com/ftp-site/home/gomez/tomcat/
> > 
> > Redhat 7.0/7.1 users allready have a Apache using mod_ssl
> > 
> > -
> > Henri Gomez                 ___[_]____
> > EMAIL : [EMAIL PROTECTED]        (. .)                     
> > PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> > PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 
> > 
> > 
> > 
> > >-----Original Message-----
> > >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> > >Sent: Monday, June 18, 2001 11:41 AM
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: SSL handshake failure URGENT
> > >
> > >
> > >I would try to do that following a document you wrote about 
> > >SSL via apache, but I was a little lost in your indication
> > >(for example some Jk... directives are not recognized, 
> > >[JkExtractSSL, ...] ) and I don't have a mod_jk.so module to load)
> > >
> > >> Could you try the server cert on apache/SSL or Apache-mod_ssl
> > >> and see if it works ?
> > >> 
> > >> 
> > >> 
> > >> -
> > >> Henri Gomez                 ___[_]____
> > >> EMAIL : [EMAIL PROTECTED]        (. .)                     
> > >> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> > >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 
> > >> 
> > >> 
> > >> 
> > >> >-----Original Message-----
> > >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> > >> >Sent: Monday, June 18, 2001 10:05 AM
> > >> >To: [EMAIL PROTECTED]
> > >> >Subject: RE: SSL handshake failure URGENT
> > >> >
> > >> >
> > >> >
> > >> >Of sure, there it is.
> > >> >
> > >> >
> > >> >> Could you retry with openssl s_client in full debug mode ?
> > >> >> 
> > >> >> -
> > >> >> Henri Gomez                 ___[_]____
> > >> >> EMAIL : [EMAIL PROTECTED]        (. .)                     
> > >> >> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> > >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 
> > >> >> 
> > >> >> 
> > >> >> 
> > >> >> >-----Original Message-----
> > >> >> >From: Jean-Etienne G. [mailto:[EMAIL PROTECTED]]
> > >> >> >Sent: Friday, June 15, 2001 12:21 PM
> > >> >> >To: [EMAIL PROTECTED]
> > >> >> >Subject: RE: SSL handshake failure URGENT
> > >> >> >
> > >> >> >
> > >> >> >So, every seems to be well configured, but I always get this
> > >> >> >handshake error, what could be the problem in that case ?
> > >> >> >
> > >> >> ># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem 
> > >> >> >-key cl_key.pem -state         
> > >> >> >Enter PEM pass phrase:
> > >> >> >CONNECTED(00000003)
> > >> >> >SSL_connect:before/connect initialization
> > >> >> >SSL_connect:SSLv2/v3 write client hello A
> > >> >> >SSL3 alert read:fatal:handshake failure
> > >> >> >SSL_connect:error in SSLv2/v3 read server hello A
> > >> >> >
> > >> >> >
> > >> >> >> >ok now it's done, but same error
> > >> >> >> >HandShake Failure
> > >> >> >> >
> > >> >> >> >I made the new server request, the new server
> certification,
> 
> > >> >> >> >the new server x509 conversion, and the new server 
> > >into tomcat 
> > >> >> >> >keystore importation
> > >> >> >> >
> > >> >> >> >(I send you the new server certificate)
> > >> >> >> >
> > >> >> >> >must we also replace to CN of the client ? (I didn't do
> it)
> > >> >> >> >maybe the CN of the CA ?
> > >> >> >> >
> > >> >> >> CN of you client could be what you want....
> > >> >> >> 
> > >> >> >> >
> > >> >> >> >> The problem is in the CN of the server cert :
> > >> >> >> >> 
> > >> >> >> >> replace CN=server by CN=thehostname !!!
> > >> >> >> >> 
> > >> >> >> >> Certificate:
> > >> >> >> >>     Data:
> > >> >> >> >>         Version: 3 (0x2)
> > >> >> >> >>         Serial Number: 2 (0x2)
> > >> >> >> >>         Signature Algorithm: md5WithRSAEncryption
> > >> >> >> >>         Issuer: C=FR, ST=France, L=Genvilliers,
> O=THE_ORG,
> 
> > >> >> >> >OU=UNIT, CN=ca
> > >> >> >> >>         Validity
> > >> >> >> >>             Not Before: Jun 14 08:47:55 2001 GMT
> > >> >> >> >>             Not After : Jun 14 08:47:55 2002 GMT
> > >> >> >> >>         Subject: C=FR, ST=France, O=THE_ORG, 
> > >OU=UNIT, CN=server
> > >> >> >> >>         Subject Public Key Info:
> > >> >> >> >>             Public Key Algorithm: rsaEncryption
> > >> >> >> >>             RSA Public Key: (1024 bit)
> > >> >> >> >>                 Modulus (1024 bit):
> > >> >> >> >>                     
> > >> >00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1:
> > >> >> >> >>                     
> > >> >f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49:
> > >> >> >> >>                     
> > >> >12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da:
> > >> >> >> >>                     
> > >> >a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33:
> > >> >> >> >>                     
> > >> >a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9:
> > >> >> >> >>                     
> > >> >85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95:
> > >> >> >> >>                     
> > >> >6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a:
> > >> >> >> >>                     
> > >> >e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38:
> > >> >> >> >>                     3b:c3:9f:ac:e3:5e:77:cb:7b
> > >> >> >> >>                 Exponent: 65537 (0x10001)
> > >> >> >> >>         X509v3 extensions:
> > >> >> >> >>             X509v3 Basic Constraints: 
> > >> >> >> >>                 CA:FALSE
> > >> >> >> >>             Netscape Comment: 
> > >> >> >> >>                 OpenSSL Generated Certificate
> > >> >> >> >>             X509v3 Subject Key Identifier: 
> > >> >> >> >>                 
> > >> >> >>
> >44:3C:48:E2:82:B6:77:02:B1:90:84:D3:B0:CD:0C:18:6E:81:9F:7E
> > >> >> >> >>             X509v3 Authority Key Identifier: 
> > >> >> >> >>  
> > >> >> >> >> 
> > >>
> >keyid:85:64:41:58:57:5F:91:5E:E1:A7:85:6B:CB:B7:F4:03:C4:F9:A8:31
> > >> >> >> >>  
> > >> >> >> >> 
> > >DirName:/C=FR/ST=France/L=Genvilliers/O=THE_ORG/OU=UNIT/CN=ca
> > >> >> >> >>                 serial:00
> > >> >> >> >> 
> > >> >> >> >>     Signature Algorithm: md5WithRSAEncryption
> > >> >> >> >>         
> > >05:0a:10:ec:dd:04:9e:8d:bb:98:2d:82:8f:c5:a0:f7:6b:06:
> > >> >> >> >>         
> > >97:52:c0:a2:c0:f2:25:8c:81:41:a5:80:f2:1e:72:da:a5:d2:
> > >> >> >> >>         
> > >28:df:44:77:0f:6b:df:9a:1e:06:c7:83:6a:7d:40:89:96:1f:
> > >> >> >> >>         
> > >be:f5:2b:b2:fc:4c:91:a9:0c:89:e8:00:37:d5:a1:ab:a8:82:
> > >> >> >> >>         
> > >7b:92:d9:ba:e9:1b:57:3d:32:62:96:ba:29:1d:3f:9b:83:64:
> > >> >> >> >>         
> > >b8:92:37:74:16:4d:3f:be:bf:cf:25:70:03:05:06:de:d2:52:
> > >> >> >> >>         
> > >94:ff:6a:fc:0c:32:ef:aa:ab:63:6d:e1:77:56:fc:3f:32:c6:
> > >> >> >> >>         20:a8
> > >> >> >> >> 
> > >> >> >> >> 
> > >> >> >> >> 
> > >> >> >> >> -
> > >> >> >> >> Henri Gomez                 ___[_]____
> > >> >> >> >> EMAIL : [EMAIL PROTECTED]        (. .)                     
> > >> >> >> >> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> > >> >> >> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
> 
> > >> >> >> >> 
> > >> >> >> >
> > >> >> >> >
> > >> >> >> >__________________________________________________
> > >> >> >> >Voila vous propose une boite aux lettres gratuite sur 
> > >Voila Mail:
> > >> >> >> >http://mail.voila.fr
> > >> >> >> >
> > >> >> >> >
> > >> >> >> 
> > >> >> >
> > >> >> >__________________________________________________
> > >> >> >Voila vous propose une boite aux lettres gratuite sur Voila
> Mail:
> > >> >> >http://mail.voila.fr
> > >> >> >
> > >> >> >
> > >> >> >
> > >> >> 
> > >> >
> > >> >
> > >> >__________________________________________________
> > >> >Voila vous propose une boite aux lettres gratuite sur Voila
> Mail:
> > >> >http://mail.voila.fr
> > >> >
> > >> >
> > >> 
> > >
> > >__________________________________________________
> > >Voila vous propose une boite aux lettres gratuite sur Voila Mail:
> > >http://mail.voila.fr
> > >
> > >
> > >
> > 
> 
> __________________________________________________
> Voila vous propose une boite aux lettres gratuite sur Voila Mail:
> http://mail.voila.fr
> 
> 
> 



-
Henri Gomez                 ___[_]____
EMAIL : [EMAIL PROTECTED]        (. .)                     
PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6

Reply via email to