Yes, I imported the CA certificate in my browser. At this point, I don't know if there is a problem with the certificate or the setup of Apache.
thanks, On Sat, Feb 20, 2010 at 10:13 PM, Stephen Powell <zlinux...@wowway.com>wrote: > On Sat, 20 Feb 2010 21:14:36 -0500 (EST), Bernard Fay wrote: > > I create a CA certificate and site certificate according to > > http://www.debian-administration.org/articles/618. > > > > I set it up in Apache under Debian Lenny. > > > > When I try to access the site, I receive the following message: > > > > Secure Connection Failed > > An error occurred during a connection to www.kingstongrant.com. > > SSL received a record that exceeded the maximum permissible length. > > (Error code: ssl_error_rx_record_too_long) > > > > What could be wrong? Am I missing a module? I have the following > modules > > loaded in Apache. > > > > apache2ctl -M > > Loaded Modules: > > core_module (static) > > log_config_module (static) > > logio_module (static) > > mpm_prefork_module (static) > > http_module (static) > > so_module (static) > > alias_module (shared) > > auth_basic_module (shared) > > authn_file_module (shared) > > authz_default_module (shared) > > authz_groupfile_module (shared) > > authz_host_module (shared) > > authz_user_module (shared) > > autoindex_module (shared) > > cgi_module (shared) > > deflate_module (shared) > > dir_module (shared) > > env_module (shared) > > mime_module (shared) > > negotiation_module (shared) > > perl_module (shared) > > php5_module (shared) > > proxy_module (shared) > > proxy_http_module (shared) > > setenvif_module (shared) > > ssl_module (shared) > > status_module (shared) > > Syntax OK > > > > You say you created a CA certificate and a site certificate on your site. > Let's call that site A. So the web server on site A is using a site > certificate signed by a homemade CA certificate. Now you try to do > a secure SSL connection to site A from site B. But ... > > Does site B have that homemade CA certificate installed in its > repository of trusted CAs? If not, then it won't work. I'm not sure > about a "record length exceeded" error; but I do know that if site > B does not have the CA certificate that signed the site certificate > that site A's web server is using installed in its database of trusted > CAs that TLS negotiation will certainly fail. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > http://lists.debian.org/1018608095.13923661266721987968.javamail.r...@md01.wow.synacor.com > >
