RE: Experiencing error when installing a Verisign certificate!

Wed, 06 Dec 2000 10:01:51 -0800 

It is possible that a Verisign certificate is not compatible with OpenSSL.
Perhaps someone else can confirm or deny this.

I have been experimenting with OpenSSL and a product from Rick Kaseguma
called SSLWrap.  In Rick's documentation
(http://www.rickk.com/sslwrap/index205.htm) he says: "Verisign previously
would not issue a certificate for a server using ssleay; though this may
have changed."

Maybe your problem is related to this, or maybe this Verisign shortcoming is
no longer true.  I would like to know if anybody knows of any current
limitations between popular commercial CA's and OpenSSL.

Also, if anybody has any practical experience using SSLWrap to wrap an FTP
command channel (my current project), send me some words of encouragement.

Jeff Cornett
Optio Software, Inc. 
225 S. Westmonte Avenue, Suite 3000, Altamonte Springs, FL  32714

                        Phone                           E-Mail
Web Site
Business:       407-774-7800            [EMAIL PROTECTED]
http://www.optiosoftware.com
Home:           407-330-1968            [EMAIL PROTECTED]
http://www.printagame.com

      /   /   /   /                                             \   \   \
\
===o::O:O:O:O:O:O:O:O====               ===o:==O=O=O=O=O=O=O=O===
        \   \   \   \                                     /   /   /   /


> -----Original Message-----
> From: Wilt, Paul [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 06, 2000 11:35 AM
> To:   [EMAIL PROTECTED]
> Subject:      Experiencing error when installing a Verisign certificate!
> 
> We recently needed to update our Verisign certificate for our secure site.
> We are switching from Netscape to Apache mod_ssl/OpenSSL.
> We are attempting to install the Verisign certificate that we received
> (after using openssl commands to generate the CSR and host key [you all
> know
> the drill!]).
> 
> When starting the server we get the following errors:
> ==========================================================================
> ==
> ======================================
> [04/Dec/2000 12:09:21 5411938] [info]  Server: Apache/1.3.12, Interface:
> mod_ssl/2.6.6, Library: OpenSSL/0.9.6
> [04/Dec/2000 12:09:21 5411938] [info]  Init: 1st startup round (still not
> detached)
> [04/Dec/2000 12:09:21 5411938] [info]  Init: Initializing OpenSSL library
> [04/Dec/2000 12:09:21 5411938] [info]  Init: Loading certificate & private
> key of SSL-aware server storefront.xanedu.com:8443
> [04/Dec/2000 12:09:21 5411938] [info]  Init: Seeding PRNG with 136 bytes
> of
> entropy
> [04/Dec/2000 12:09:21 5411938] [info]  Init: Generating temporary RSA
> private keys (512/1024 bits)
> [04/Dec/2000 12:09:21 5411938] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> [04/Dec/2000 12:09:24 5523600] [info]  Init: 2nd startup round (already
> detached)
> [04/Dec/2000 12:09:24 5523600] [info]  Init: Reinitializing OpenSSL
> library
> [04/Dec/2000 12:09:24 5523600] [info]  Init: Seeding PRNG with 136 bytes
> of
> entropy
> [04/Dec/2000 12:09:24 5523600] [info]  Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [04/Dec/2000 12:09:24 5523600] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> [04/Dec/2000 12:09:24 5523600] [info]  Init: Initializing (virtual)
> servers
> for SSL
> [04/Dec/2000 12:09:24 5523600] [info]  Init: Configuring server
> storefront.xanedu.com:8443 for SSL protocol
> [04/Dec/2000 12:09:24 5523600] [error] Init: (storefront.xanedu.com:8443)
> Unable to configure verify locations for client authentication (OpenSSL
> library error follows)
> [04/Dec/2000 12:09:24 5523600] [error] OpenSSL: error:0906D066:PEM
> routines:PEM_read_bio:bad end line
> [04/Dec/2000 12:09:24 5523600] [error] OpenSSL: error:0B084009:x509
> certificate routines:X509_load_cert_crl_file:missing asn1 eos
> ==========================================================================
> ==
> ======================================
> 
> Our OS is SGI Irix 6.5.3 and the executable was built with the -64 option
> (i.e., 64-bit) if this is of any importance.
> 
> Does anyone know what the error message means?
> 
> Thanks
> Paul E Wilt 
> Principal Software Engineer
> ____________________________________________________
> XanEdu, Inc. ( a division of Bell+Howell Information&Learning)
> http://www.XanEdu.com
> mailto:[EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED]
> 300 North Zeeb Rd                     Phone: (734) 975-6021  (800)
> 521-0600 x6021
> Ann Arbor, MI 48106           Fax:    (734) 973-0737
> ____________________________________________________
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to