FW: Certificate Problems
on 16.06.2004 17:29:27 by Richard Skeggs

Thanks for the response. To explain a bit more, the error I see in the log
file only gets written when I start apache using apachectl startssl. The
message written to ssl_error_log is:
[Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jun 16 10:59:48 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Wed Jun 16 10:59:50 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jun 16 10:59:50 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
As for the request I was making, it was to simply get the home page of
eghapp.
Using the url http://eghapp:8000 through my browser I get to view the home
page of eghapp.
However, with https://eghapp:8000 I get the following log message from
error_log:
[Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid method in request!L!!
From access_log:
10.14.2.8 - - [16/Jun/2004:11:07:38 +0100] " L" 501 1007
Nothing gets written to the ssl message files. The browser returns
Cannot find server or DNS Error
Internet Explorer
I am trying to install ssl on the eghapp server which is a RedHat9 linux
box. An extract from the hosts file on eghapp is:
127.0.0.1 localhost loghost
10.14.1.150 eghapp
An extract from the httpd.conf file is shown below
Listen 8000
NameVirtualHost 10.14.1.150
ProxyPass /esav http://eghsnap1:8081/esav
ProxyPassReverse /esav http://eghsnap1:8081/esav
ProxyPass /ddrint http://eghsnap2:8081/ddrint
ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint
ProxyPass /vnc http://eghsnap1:80/vnc
ProxyPassReverse /vnc http://eghsnap1:80/vnc
ServerAdmin webmaster@mobius.com
DocumentRoot /var/www/html
ServerName eghapp
ErrorLog logs/error_log
CustomLog logs/access_log common
#
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.csr
SSLCertificateKeyFile /etc/httpd/server.key
For your information I am running
Apache 2.0.4.0
IE 6.0.2
Richard
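
An added example, not part of the thread or of mod_ssl: an "Invalid method in request" entry with a 501 status is what a plain-HTTP listener logs when a client opens the connection with an SSL/TLS ClientHello, and this Python sketch classifies the request field of access_log lines on that basis. The sample lines are constructed, the function names are hypothetical, and a log that escapes non-printable bytes as \xhh is assumed.

```python
import re

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE", b"CONNECT"}
# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+$')

def unescape(field: str) -> bytes:
    """Turn \\xhh escapes in a logged request field back into raw bytes."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  field.encode("latin-1"))

def classify_first_bytes(data: bytes) -> str:
    """Say what protocol the first bytes of a connection look like."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-record-clienthello"      # handshake record, major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]   # 15-bit SSLv2 record length
        return f"sslv2-format-clienthello(len={length})"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def diagnose(line: str):
    """Return (client, status, kind, finding) for one access_log line, or None."""
    m = CLF.match(line)
    if not m:
        return None
    client, request, status = m.groups()
    kind = classify_first_bytes(unescape(request))
    finding = "ok"
    if status == "501" and "clienthello" in kind:
        finding = "SSL/TLS handshake sent to a listener that is speaking plain HTTP"
    return client, status, kind, finding

# Constructed sample lines (not from the thread); 192.0.2.x is a documentation range.
SAMPLE_LOG = [
    r'192.0.2.10 - - [16/Jun/2004:11:07:30 +0100] "GET / HTTP/1.1" 200 1007',
    r'192.0.2.10 - - [16/Jun/2004:11:07:38 +0100] "\x80L\x01\x03\x00" 501 1007',
    r'192.0.2.10 - - [16/Jun/2004:11:07:40 +0100] "\x16\x03\x01\x00\xc8" 501 1007',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(diagnose(entry))
```

In an SSLv2-format hello the second header byte is the record length; a length of 76 is 0x4C, ASCII 'L', which is consistent with the " L" request shown in the access_log extract above once the non-printable bytes are lost.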
-----Original Message-----
From: owner-modssl-users@modssl.org [mailto:owner-modssl-users@modssl.org]
On Behalf Of Boyle Owen
Sent: 16 June 2004 10:20
To: modssl-users@modssl.org
Subject: RE: Certificate Problems
Plain text please...
If you got an error in the ssl error-log then apache must be running. The
invalid method error is exactly that - the HTTP method wasn't GET, POST
etc... What request were you making when you got the error? Cross-check
the access log for details...
It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.
The DNS error means that the browser cannot resolve eghapp to an IP address
while curl, apparently, can. No idea why - depends on OS, browser version,
config etc. (eg, if the browser goes via a proxy, the proxy will not see a
local /etc/hosts definition of eghapp).
Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache 1.3
or 2 etc.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS@mobius.com]
Sent: Wednesday, 16 June 2004 11:07
To: 'modssl-users@modssl.org'
Subject: Certificate Problems
I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' and I don't appear to get
an error message. However, when trying to start apache using the startssl
switch the following error turns up in the ssl_error_log:
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method in request
I have also been able to successfully run the command 'curl
https://eghapp'. However, when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking, nothing gets written to any of the ssl log files. Does anyone
know how I can resolve this?
Thanks
Richard Skeggs
Software Engineer
Mobius Management Systems
Cavendish House
5 The Avenue
Egham
Surrey
TW20 9AB
Tel: +44 (0) 1784 484700
Mobile: + 44 (0) 7971 608315
email: rskeggs@mobius.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org