Sorry if this has been asked before but I could not find anything
obvious after searching the mail list archives for hours.
Moving a site from an old Stronghold DEC UNIX Alpha server to a
Solaris 2.6 server running....
Apache/1.3.6 (Unix) ApacheJServ/1.0 PHP/3.0.9 mod_perl/1.19
mod_ssl/2.3.1 OpenSSL/0.9.3a.
The site in question uses SSL and everything works just fine for
recent MS and NS browsers. The problem is with MS and NS 3.X
browsers which give errors like this...
(Netscape 3.01)
The security library has experienced a databas error
You will probably be unable to connect to this site securely.
If I turn off "SSL v3" on NS, and only use v2, things work.
The log files show the
following....
Virtual client Logs
===================
[Fri Jul 30 14:23:55 1999] [error] mod_ssl: SSL handshake failed
(client 206.63.69.2, server www.timetunnel.com:443)
(OpenSSL library error follows)
[Fri Jul 30 14:23:55 1999] [error] OpenSSL: error:14094412:
SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
[Hint: Subject CN in certificate not server name!?]
ssl_engine_log
==============
[30/Jul/1999 13:30:34] [info] Init: Configuring server www.timetunnel.com:443
for SSL protocol
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443)
Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443) Configuring
permitted SSL ciphers
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443) Configuring
client authentication
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way/O=Time Tunnel, Inc.
/OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way
/O=Time Tunnel, Inc.
/OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443)
Configuring RSA server certificate
[30/Jul/1999 13:30:34] [trace] Init: (www.timetunnel.com:443)
Configuring RSA server private key
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way
/O=Time Tunnel, Inc./OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:30:34] [trace] CA certificate:
/C=US/ST=Washington/L=Federal Way
/O=Time Tunnel, Inc./OU=Secure Services Division/CN=www.timetunnel.com
[30/Jul/1999 13:37:32] [info] Connection to child 9 established
(server www.timetunnel.com)
A dump of the certificate shows no obvious problems.
Any help or pointers on why older browsers are having problems
connecting to Apache/mod_ssl/openssl would be most appreciated.
Is this truly a Certificate issue/foul-up? If so, how do I remedy.
Thanks.
--
Tim Rosmus <[EMAIL PROTECTED]>
Postmaster / USENET / DNS
WinStar Northwest Nexus
--
Tim Rosmus <[EMAIL PROTECTED]>
Postmaster / USENET / DNS
WinStar Northwest Nexus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
