Re: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread rsalz
>os360.caveosystems.com does not exist according to the zone transfer I >do from ns1[67].verio-web.com... No, it's private DNS. And its os390. And it does exist. The bug is almost definitely what Steve pointed out -- wrong OID for the sign mech. /r$

Re: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Richard Levitte - VMS Whacker
From: Rich Salz <[EMAIL PROTECTED]> rsalz> > make sure you common name ie. www.yahoo.com in the cert is the rsalz> > resolved dns name you are using to pull up the site. Also make sure rsalz> > you have a server certificate or intermediate.ca configured. rsalz> rsalz> that's why I attached the d

Re: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Rich Salz
> The reason is that somehow you've managed to get sha1WithRSAEncryption > as the OID in the RSA encrypted DigestInfo structure instead of SHA1. Thank you. I knew that you'd know the answer. :) We are doing things at a low-level and I'm gonna smack that boy when he comes back. :) /r$ 

Re: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Dr S N Henson
Rich Salz wrote: > > > make sure you common name ie. www.yahoo.com in the cert is the > > resolved dns name you are using to pull up the site. Also make sure > > you have a server certificate or intermediate.ca configured. > > that's why I attached the data, so folks could see that I did that. >

Re: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Rich Salz
> make sure you common name ie. www.yahoo.com in the cert is the > resolved dns name you are using to pull up the site. Also make sure > you have a server certificate or intermediate.ca configured. that's why I attached the data, so folks could see that I did that. I don't have basic constraints

RE: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Walgamotte, David
Title: RE: Can't (programmatically) generate browser-compatible SSL certs make sure you common name ie. www.yahoo.com in the cert is the resolved dns name you are using to pull up the site. Also make sure you have a server certificate or intermediate.ca configured. -Original Me

Re: Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Ng Pheng Siong
On Tue, Dec 26, 2000 at 11:15:36AM -0500, Rich Salz wrote: > [Tue Dec 26 11:11:35 2000] [error] mod_ssl: SSL handshake failed > (server os390.caveosystems.com:8443, client 10.139.16.1) (OpenSSL > library error follows) > [Tue Dec 26 11:11:35 2000] [error] OpenSSL: error:140

Can't (programmatically) generate browser-compatible SSL certs

2000-12-26 Thread Rich Salz
I am generating my own keys and certs for Apache/mod_ssl. I can connect via s_client fine. Using Netscape on Linux pops up a dialog that says "The security library has encountered an improperly-formatted DER message." and the Apache error_log says: [Tue Dec 26 11:11:35 2000] [error] mod_