Problem creating CA's -ssl_error_handshake_failure_alert

Sun, 02 Nov 2008 13:12:52 -0800 

I all!

Maybe I'm too much novice on this, but I want to create a certificate
for each virtual host on my apache server (3 virtual hosts).
So i created my own CA, then one for each virtual host, like this:

Created the private CA and certificate:
   openssl genrsa -out SSC_CA.key 1024
   openssl req -new -key SSC_CA.key -out SSC_CA.csr
      (then i have entered country, organization name, etc, with no passphrase)
   openssl x509 -req -days 365 -in SSC_CA.csr -out SSC_CA.crt -signkey
SSC_CA.key


Created for each server using the private CA:
   openssl genrsa -out intra01.key 1024
   openssl req -new -key intra01.key -out intra01.csr
      (then i have entered country, organization name, etc, with no passphrase)
   openssl ca -in intra01.csr -cert SSC_CA.crt -keyfile SSC_CA.key
-out intra01.crt

   openssl genrsa -out ssc01.key 1024
   openssl req -new -key ssc01.key -out ssc01.csr
      (then i have entered country, organization name, etc, with no passphrase)
   openssl ca -in ssc01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out ssc01.crt

   openssl genrsa -out sec01.key 1024
   openssl req -new -key sec01.key -out sec01.csr
      (then i have entered country, organization name, etc, with no passphrase)
   openssl ca -in sec01.csr -cert SSC_CA.crt -keyfile SSC_CA.key -out sec01.crt


Then I configured each virtualhost on ssl.cnf with this lines (i copy
only this ones for not a very long e-mail):
   SSLCertificateFile /usr/local/ssl/SSCCA/intra01.crt
   SSLCertificateKeyFile /usr/local/ssl/SSCCA/intra01.key
   SSLCACertificateFile /usr/local/ssl/SSCCA/SSC_CA.crt


It appears to be all ok, the appache starts with no problem, but when
i try to view the webpages firefox first tell me about the unknow
certificate, i add the exception, ok, then after adding the exception
i get this error:

An error occurred during a connection to ssc01.dei.uc.pt.

SSL peer was unable to negotiate an acceptable set of security parameters.

(Error code: ssl_error_handshake_failure_alert)



Please tell me, what i have done wrong? Is there anything that I
fairly clear and I should understand in SSL and Certificates?


Thank you in advance!

David Carvalho
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to