Re: apachectl startssl started, but viewing https in browser does not

Wed, 10 Aug 2005 11:28:19 -0700 

These lines are from ssl.conf

 DocumentRoot "/opt/apache/CA"
SSLCertificateFile /opt/apache/CA/192.33.175.160.crt
SSLCertificateKeyFile /opt/apache/CA/192.33.175.160.key
SSLCertificateChainFile /opt/apache/CA/my-ca.crt
SSLCACertificateFile /opt/apache/CA/my-ca.crt

 <Directory "/opt/apache/CA">
     SSLOptions +StdEnvVars
  </Directory>


These are from httpd.conf

 ServerRoot "/usr/local/apache2"
 Listen 80
DocumentRoot "/opt/apache/htdocs" - This is a second DocumentRoot - the 
httpd.conf includes the ssl.conf - could this be causing the problem?

changed htdocs to CA - still with problem

Do the .crt and .key files need be in CA?

The certificates were created by following the steps in this document.
http://www.vanemery.com/Linux/Apache/apache-SSL.html

tia,
dk






-----Original Message-----
From: Jorey Bump <[EMAIL PROTECTED]>
Sent: Aug 10, 2005 1:53 PM
To: openssl-users@openssl.org
Subject: Re: apachectl startssl started, but viewing https in browser does not

[EMAIL PROTECTED] wrote:
> if apachectl startssl works, any idea how come 
> trying to open https://ipaddres:443/index.html cannot display the page?

It's redundant. The standard port for https is already 443, and some 
browsers will simply remove it from the URL. The fact that the page 
won't display is probably unrelated to this.

> the following log appears after trying
> 
> openssl s_client -connect IPAddress:443 -state -debug
> 
> No client certificate CA names sent
> ---
> SSL handshake has read 2519 bytes and written 304 bytes
> ---
> New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
> Server public key is 1024 bit
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : shows string here
>     Session-ID: showsid here
>     Session-ID-ctx:
>     Master-Key: shows key here
>     Key-Arg   : None
>     Start Time: 1123688834
>     Timeout   : 300 (sec)
>     Verify return code: 7 (certificate signature failure)
> 
> What does code 7 indicate? Is that the reason the page cannot be seen?
> Does something need to be added into the browser?
> What will trigger the browser to ask the person to verify the certificate?

It's not always easy to determine the exact cause of the problem from 
the error message. Briefly, how did you create the certificate? What are 
your SSLCertificate* settings in your conf file?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to