On Monday 06 December 2004 17:49, Michael Goettsche wrote: > Hi list, > > I'm having problems with my openssl certificate used with apache2. > I've followed the tutorial on apache.org to create a certificate and sign > it afterwards. This step-by-step guide can be found here: > http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html.en#realcert > > The first problem occurs when following the next step to sign the > certificate( http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#ownca ) > Typing ./sign.sh server.csr I get the following output: > > CA signing: server.csr -> server.crt: > Using configuration from ca.config > Enter PEM pass phrase: > Check that the request matches the signature > Signature ok > The Subjects Distinguished Name is as follows > countryName :PRINTABLE:'DE' > stateOrProvinceName :PRINTABLE:'Germany' > localityName :PRINTABLE:'xxxxxxxx' > organizationName :PRINTABLE:'xxxxxxxxx' > commonName :PRINTABLE:'xxxxxxxxxxxxxx' > emailAddress :IA5STRING:'xxxxxxxxx' > ERROR:There is already a certificate > for > /C=DE/ST=Germany/L=xxxxxxxx/O=xxxxxxxx/CN=xxxxxxxxxxxx/Email=xxxxxxxxxxxxx > The matching entry has the following details > Type :Valid > Expires on :051129093250Z > Serial Number :01 > File name :unknown > Subject > Name > :/C=DE/ST=xxxxxxxxxxx/L=xxxxxxxx/O=xxxxxxxxxxxxxx/CN=xxxxxxxxxxxx/Email=xxx >xxxxxx CA verifying: server.crt <-> CA cert > server.crt: unable to load certificate file > 9007:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:662:Expecting: CERTIFICATE > > If I use this certificate, it works fine with Konqueror(shown certificate > information are fine) and the subversion command line client, but neither > Firefox nor Internet Explorer can connect. > Firefox says: > "Could not establish an encrypted connection because certificate is invalid > or corrupted. Error Code: -8182" > > There are no error messags in apache's error.log > > I already re-created the certificate and signed it, but it didn't help. > > Any of you guys an idea what could be wrong? > > Thanks a ton in advance, > Michael
Anybody? Is this the wrong place to ask? Should I rather ask on apache mailinglist? Or are you missing information? Michael. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
