SSLCipherSuite ALL error

Hello , again.. I hate to be a pain here
With ./apachectl startssl
I am getting......
"../conf/httpd.conf" 1234 lines, 44355 characters
109 /apache/bin > ./apachectl startssl
Syntax error on line 1085 of /apache/conf/httpd.conf:
Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a module
not included in the server configuration
../apachectl startssl: httpd could not be started

////Line 1085 says ///
1085 SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: SSLCipherSuite ALL error

OK, I think I narrowed this part down..
I am getting this on make certificate...
Verify: matching certificate signature
.../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil,
Ltd/OU=Certificate Authority/CN=Snake Oil CA/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired

Anyone ?

-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS
Sent: Monday, October 07, 2002 9:39 AM
To: 'modssl-users@modssl.org'
Subject: SSLCipherSuite ALL error


Hello , again.. I hate to be a pain here
With ./apachectl startssl
I am getting......
"../conf/httpd.conf" 1234 lines, 44355 characters
109 /apache/bin > ./apachectl startssl
Syntax error on line 1085 of /apache/conf/httpd.conf:
Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a module
not included in the server configuration ./apachectl startssl: httpd could
not be started

////Line 1085 says ///
1085 SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: SSLCipherSuite ALL error

It looks like the default CA certificate that comes with openssl has
expired...

The solution to this is to generate your own CA and then generate and
sign your server certificate using this own CA.

If you have perl in your machine, try this url (although its meant for
FreeBSD, it works just as well on Linux):

http://www.freebsddiary.org/openssl-client-authentication.ph p

Just follow the part until he generates the server certificate and
insert this and the CA on httpd.conf. The second part he's actually
admited to me is not the client certificate he was mentioning, but
rather the server certificate.

Regards
Jose



-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS [mailto:Patrick.Zandi@rl.af.mil]
Sent: 07 October 2002 17:01
To: 'modssl-users@modssl.org'
Subject: RE: SSLCipherSuite ALL error


OK, I think I narrowed this part down..
I am getting this on make certificate...
Verify: matching certificate signature
.../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake
Oil,
Ltd/OU=Certificate Authority/CN=Snake Oil CA/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired

Anyone ?

-----Original Message-----
From: Zandi Patrick S TSgt AFRL/IFOSS
Sent: Monday, October 07, 2002 9:39 AM
To: 'modssl-users@modssl.org'
Subject: SSLCipherSuite ALL error


Hello , again.. I hate to be a pain here
With ./apachectl startssl
I am getting......
"../conf/httpd.conf" 1234 lines, 44355 characters
109 /apache/bin > ./apachectl startssl
Syntax error on line 1085 of /apache/conf/httpd.conf:
Invalid command 'SSLCipherSuite', perhaps mis-spelled or defined by a
module
not included in the server configuration ./apachectl startssl: httpd
could
not be started

////Line 1085 says ///
1085 SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP:+eNULL
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org