invalid method in ssl request

Thu, 26 Oct 2006 12:39:12 -0700
I was asked to renew an SSL certificate on our server, running Apache 2.0.52/Unix. So prior to me touching anything, the SSL stuff was working. 


I did a new CSR, generated a new key, and installed a new cert.crt 
with appropriate changes to httpd.conf (I put them in a new 
directory).


The test URL is this:

https://www.macnexus.org/customer/


Initially there was the error message (as presented via the above 
URL) and the log had an ASN1 encoding error.  I worked with Verisign 
and we resolved the ASN1 encoding error.


However, the new certificate still will not work.  The log shows:


Thu Oct 26 11:10:02 2006] [warn] Init: Session Cache is not 
configured [hint: SSLSessionCache]
[Thu Oct 26 11:10:03 2006] [notice] Digest: generating secret for 
digest authentication ...

[Thu Oct 26 11:10:03 2006] [notice] Digest: done

[Thu Oct 26 11:10:04 2006] [notice] Apache/2.0.52 (Unix) DAV/2 
PHP/4.3.9 mod_ssl/2.0.52 OpenSSL/0.9.7i configured -- resuming normal 
operations
[Thu Oct 26 11:10:56 2006] [error] [client 67.100.211.10] Invalid 
method in request \x16\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid 
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid 
method in request \x16\x03
[Thu Oct 26 11:53:36 2006] [error] [client 24.10.96.107] Invalid 
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:36 2006] [error] [client 24.10.96.107] Invalid 
method in request \x16\x03
[Thu Oct 26 12:08:41 2006] [error] [client 205.178.191.148] Invalid 
method in request \x16\x03\x01
[Thu Oct 26 12:33:35 2006] [error] [client 67.100.211.10] Invalid 
method in request \x16\x03\x01




The whole thing is rather odd because this web site had working SSL 
before I went to renew the certificate. The only thing I know is new 
is that Verisign now (as of a month ago) requires you to install 
their intermediate certificate and we never had to do that before.




I have reviewed httpd.conf and the 3 lines that would invoke ssl.conf 
are commented out, so it is my belief that the server was working 
before without loading ssl.conf settings.  However I have tried 
uncommenting out those lines just to see if anything changes, but it 
really did not make a difference whether ssl.conf is called or not.


The httpd.conf does load mod_ssl in a one-line statement in there.

At this point I am baffled.

Bill Davies
Sacramento
my direct email is:     bdavies  - at -  macnexus - dot - org
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]














    











					Reply via email to