On Wed, Mar 25, 2015 at 05:40:11PM GMT, Theodore Wynnychenko wrote: Hi Theodore,
> So, I checked the certificate: > openssl x509 -text -noout -in /etc/ssl/server.crt > > and I get: > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 1 (0x1) > Signature Algorithm: sha256WithRSAEncryption > <etc> > > All seems fine. It may seem fine to you but most likely it isn't. > I took the server.key and server.crt files to an older machine > (actually, the one I am trying to replace) that is running 4.9 (I > think) and apache. Put the "new" certificate and key in the proper > places, and was able to open an https connection to that machine, and > was able to confirm that the new certificate was the one being > presented and works. That's probably where the problem lies - the key and/or the certificate. I've just tested your configuration with a new key and cert and it works absolutely fine. Have you run any tests using 's_client'? Regards, Raf
