Hello, I am configuring a remote x86 CentOS 4.3 box (running in UML) as personal web and email server. OpenSSL version is openssl-0.9.7a-43.8. I want it to be able to serve https pages and to securely forward/email to and from my home computer.
Therefore, I have generated a certificate following, on the server, the procedure at http://wanderingbarque.com/howtos/mailserver/mailserver.html, but it is unusable. When I try to download email with fetchmail I get errors and, if I run on the server "openssl -verify -issuer_checks...." I get:

error 30 at 0 depth lookup:authority and subject key identifier mismatch

which, as far as I understand, seems to be caused by screwed settings of subjectKeyIdentifier and authorityKeyIdentifier in openssl.conf. But I have not changed them from the default:

######################################################################
~/geecheck/usr/share/ssl> grep -i keyidentifier openssl.cnf
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
authorityKeyIdentifier=keyid:always,issuer:always
########################################################################

What is happening? Should I change those settings? If yes, to which values?

Another weird thing, don't know if related to this or not. When I generate the fingerprint on the server and on my home PC (Suse 10.1 x86_64) I get different results. What does it mean?

Please let me know what other info I should provide, this is really blocking me :-(

TIA,
Marco

--
Marco Fioretti mfioretti, at the server mclink.it
Fedora Core 3 for low memory http://www.rule-project.org/

Real leaders are ordinary people with extraordinary determination
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
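What the "authority and subject key identifier mismatch" message compares, as an added example that is not part of the original post: the keyid in one certificate's authorityKeyIdentifier against the subjectKeyIdentifier of a candidate issuer, both read from `openssl x509 -noout -text` output. The certificate excerpts are constructed, and the function names (`key_ids`, `akid_matches`, `excerpt`) are hypothetical.

```python
import re

_HEX = r"((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})"
_SKI = re.compile(r"X509v3 Subject Key Identifier:[^\n]*\n\s*" + _HEX)
# Some releases print "keyid:" before the value, others print the bare hex.
_AKI = re.compile(r"X509v3 Authority Key Identifier:[^\n]*\n\s*(?:keyid:)?" + _HEX)

def key_ids(text):
    """Return (ski, akid_keyid) as lowercase hex; None where absent."""
    def grab(rx):
        m = rx.search(text)
        return m.group(1).replace(":", "").lower() if m else None
    return grab(_SKI), grab(_AKI)

def akid_matches(subject_text, issuer_text):
    """Compare the subject's AKI keyid with the candidate issuer's SKI.
    Returns None when either value is missing and no comparison is possible."""
    _, akid = key_ids(subject_text)
    ski, _ = key_ids(issuer_text)
    if akid is None or ski is None:
        return None
    return akid == ski

# Constructed identifiers and excerpts (not taken from the post).
CA_ID = "11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44"
SRV_ID = "A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4"
ISSUER = ["DirName:/C=XX/CN=Example CA", "serial:00"]

def excerpt(ski, akid_lines):
    """Build a constructed extension block in the text layout openssl prints."""
    lines = ["X509v3 Subject Key Identifier:", "    " + ski,
             "X509v3 Authority Key Identifier:"]
    lines += ["    " + l for l in akid_lines]
    return "\n".join("            " + l for l in lines) + "\n"

CA_TEXT = excerpt(CA_ID, ["keyid:" + CA_ID] + ISSUER)      # self-signed CA
SERVER_TEXT = excerpt(SRV_ID, ["keyid:" + CA_ID] + ISSUER)  # issued by the CA
SERVER_BARE = excerpt(SRV_ID, [CA_ID])                      # no "keyid:" prefix
SERVER_NO_KEYID = excerpt(SRV_ID, ISSUER)                   # AKI without a keyid

if __name__ == "__main__":
    # A non-self-signed certificate compared against itself mismatches by construction.
    for name, subj, iss in [("server vs CA", SERVER_TEXT, CA_TEXT),
                            ("server vs itself", SERVER_TEXT, SERVER_TEXT),
                            ("no keyid in AKI", SERVER_NO_KEYID, CA_TEXT)]:
        print(name, "->", akid_matches(subj, iss))
```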