Dr. Henson, Thanks for your earlier help. Although the command you specified did generate a key, Explorer failed from my NT station to open the secure page. It would give the standard Page Cannot Be Displayed Message. Even more wierd if I specified: https://192.168.0.2:443 it would correctly complain it was a bad request. When I ran apache without SSL, everything worked fine.
I wiped the drive and reinstall Solaris 2.8, Jumbo patch, and the Random patch. Then I tried reinstalling. This time I used Apache's make certificate TYPE=custom command. I generate the server.key with the commands "cp server.key server.key.orig; /usr/local/ssl/bin/openssl rsa -in server.key.orig -out server.key." This also resulted in the same above behavior. I finally ran netscape from the box against the box and got the pop up "The server's certificate has an invalid signature. You will not be able to connect to this site securely." Then nothing. What logs, symptoms, etc can I look into to try to diagnose and solve this problem? I cannot find anything beyond these vague symptoms. Any help is most appreciated! Thanks! Daniel ----- Original Message ----- From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 29, 2003 1:38 PM Subject: Re: "Signature did not match the certificate request" on Solaris 2.8 SPARC > On Sat, Nov 29, 2003, Daniel Needles wrote: > > > Hello, > > Help! I've been struggling with getting setting up Secure Certs for Apache on Solaris 2.8. I've tried many variations but keep getting: > > "Signature did not match the certificate request" when trying to generate a cert for testing purposes. > > > > What diagnostics can I perform to get this working? > > > > COMMANDS > > openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024 > > openssl rsa -in server.key -out server.pem > > openssl req -new -key server.key -out server.csr > > openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt > > > > Works fine here. Does your system pass 'make test'? > > That's rather an odd way of doing things you can do the same in one command: > > openssl req -new -days 60 -x509 -out server.crt -nodes -keyout server.pem > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
