Error viewing webpages with ssl

Error viewing webpages with ssl

am 01.07.2002 15:30:41 von Scott Savarese

I just installed modssl and apache 2.0.39 (I used the modssl module that
came with it) and got it to compile and start. But when I go to view one
of my virtual hosts I get an error with mozilla (I get a similar one with
netscape):

hostname has received an incorrect or unexpected message. Error
Code: -12227

where hostname is the name of the server I was connecting to. This happens
on all my virtual hosts that I use ssl for. The certificate I created was
self signed by me (figured it might be important). At the bottom is an
excerpt from my httpd.conf and also an excerpt from my error_log file...I
hope they help...

Thanks,
Scott Savarese


Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/server.key
SSLVerifyClient require
SSLVerifyDepth 1

SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
NameVirtualHost *:443

ServerName virthost1:443 # The server names have been changed....
DocumentRoot /home/savarese/webpages
Alias /music "/home/savarese/mp3/"
SSLEngine on


ServerName virthost2:443
DocumentRoot /home/savarese/webpages/photoalbums
SSLEngine on


ServerName virthost3:443
DocumentRoot /home/savarese/webpages/resume
SSLEngine on


And if you'd like to read on, here are the errorlogs that are generated
(the webserver was started at 7:34AM):

[Mon Jul 01 07:34:20 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!? [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:20 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!? [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:20 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!? [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:20 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:20 2002] [notice] Digest: generating secret for digest
authentication ...
[Mon Jul 01 07:34:20 2002] [notice] Digest: done
[Mon Jul 01 07:34:23 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!? [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:23 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!? [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:23 2002] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for
verification!? [Hint: SSLCACertificate*]
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?)
[Mon Jul 01 07:34:23 2002] [warn] RSA server certificate CommonName
(CN) `Scott Savarese' does NOT match server name!?
[Mon Jul 01 07:34:24 2002] [notice] Apache/2.0.39 (Unix) DAV/2
mod_ssl/2.0.39 OpenSSL/0.9.6c PHP/4.2.1 configured -- resuming normal
operations
[Mon Jul 01 09:11:45 2002] [error] SSL handshake failed (server
skibum.dyndns.org:443, client 12.22.156.217)
[Mon Jul 01 09:11:45 2002] [error] SSL Library Error: 336105671
error:140890C7:lib(20):func(137):reason(199)
[Mon Jul 01 09:11:51 2002] [error] SSL handshake failed (server
skibum.dyndns.org:443, client 12.22.156.217)
[Mon Jul 01 09:11:51 2002] [error] SSL Library Error: 336105671
error:140890C7:lib(20):func(137):reason(199)
[Mon Jul 01 09:12:45 2002] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jul 01 09:12:49 2002] [error] Spurious SSL handshake interrupt
[Hint: Usually just one of those OpenSSL confusions!?]
[Mon Jul 01 09:19:16 2002] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!]






____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org