Posted to users@httpd.apache.org by "S.A. Birl" <sb...@temple.edu> on 2007/08/09 22:44:47 UTC

[users@httpd] Apache 2.2.4 self-signed SSL problem with openssl 0.9.8e on Solaris 10

Greetings all:

I recently upgraded my server from Solaris 9 to Solaris 10.
I restored my self-signed CRT and privkey.pem from backup,
and restored all of my Apache files (minus the binaries) from
backup too.  Re-compiled httpd (just in case) and started it up.

Apache asked for the passphrase and accepted it, but my web browsers
won't connect to it.  SeaMonkey says "Data Transfer Interrupted"

https://concept.temple.edu/

Generated a new CSR and CRT with openssl 0.9.8e and tried again.
Same result.

Nothing in the error log; nothing in the access log, but lsof says
httpd is listening on 443.

I'm baffled.  What could I be overlooking?


Thanks
 Birl

Please do not CC me responses to my own posts.
I'll read the responses on the list.

Archives   http://mail-archives.apache.org/mod_mbox/httpd-users/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] Fixed. Apache 2.2.4 self-signed SSL problem with openssl 0.9.8e on Solaris 10

Posted by "S.A. Birl" <sb...@temple.edu>.
On Aug 10, 2007, S.A. Birl (nospam-sbirl+Apache-List@temple.edu.ns) typed:

Birl:  On Aug 9, 2007, Dragon (nospam-dragon@crimson-dragon.com.ns) typed:
Birl:
Birl:  Dragon:  S.A. Birl wrote:
Birl:  Dragon:  >  Greetings all:
Birl:  Dragon:  >
Birl:  Dragon:  >  I recently upgraded my server from Solaris 9 to Solaris 10.
Birl:  Dragon:  >  I restored my self-signed CRT and privkey.pem from backup,
Birl:  Dragon:  >  and restored all of my Apache files (minus the binaries) from
Birl:  Dragon:  >  backup too.  Re-compiled httpd (just in case) and started it up.
Birl:  Dragon:  >
Birl:  Dragon:  >  Apache asked for the passphrase and accepted it, but my web browsers
Birl:  Dragon:  >  won't connect to it.  SeaMonkey says "Data Transfer Interrupted"
Birl:  Dragon:  >
Birl:  Dragon:  >  https://concept.temple.edu/
Birl:  Dragon:  >
Birl:  Dragon:  >  Generated a new CSR and CRT with openssl 0.9.8e and tried again.
Birl:  Dragon:  >  Same result.
Birl:  Dragon:  >
Birl:  Dragon:  >  Nothing in the error log; nothing in the access log, but lsof says
Birl:  Dragon:  >  httpd is listening on 443.
Birl:  Dragon:  >
Birl:  Dragon:  >  I'm baffled.  What could I be overlooking?
Birl:  Dragon:  >
Birl:  Dragon:  >
Birl:  Dragon:  >  Thanks
Birl:  Dragon:  >   Birl
Birl:  Dragon:  ---------------- End original message. ---------------------
Birl:  Dragon:
Birl:  Dragon:  The site came up in my browser (IE7) but showed a certificate error.
Birl:  Dragon:  The error is that the certificate is not signed by a trusted authority.
Birl:
Birl:
Birl:
Birl:  Yes, that's why I said in the OP that it was "self-signed".
Birl:
Birl:  Interesting that it came up in IE7, as I confirmed it myself.
Birl:  So other than it being self-signed, what other reason could there be?
Birl:  All my other self-signed certificates worked in the past with the same
Birl:  version of Apache, but an earlier version of openssl.



I finally got around to correcting this.  OpenSSL conflict.

The earlier version of openssl compiled into Apache didn't like my
self-signed certificate with the later version of openssl.

Once I re-compiled Apache, everything worked like a charm.

I figured I'd share.

-- Birl

Please do not CC me responses to my own posts.
I'll read the responses on the list.

Archives   http://mail-archives.apache.org/mod_mbox/httpd-users/
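
An added example, not part of the original post or of the Apache project: a check for the kind of OpenSSL version skew the message above describes, comparing the version banner embedded in a binary with an `openssl version` line. The function names, the sample file and its banner are constructed for illustration, and the check assumes a statically linked build; a dynamically linked one carries no banner and needs `ldd` instead.

```shell
#!/bin/sh
# Added example: spot OpenSSL version skew between a binary and the CLI tools.

# Print the distinct version tokens from "OpenSSL x.y.z[letter]" banners
# embedded in a file. A statically linked httpd or mod_ssl.so carries the
# banner of the library it was built with.
embedded_openssl_versions() {
    LC_ALL=C grep -a -o -E 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' "$1" 2>/dev/null |
        awk '{print $2}' | sort -u
}

# Reduce an `openssl version` line ("OpenSSL 0.9.8e 23 Feb 2007") to "0.9.8e".
cli_openssl_version() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" {print $2; exit}'
}

# check_skew FILE VERSION_LINE -> 0 = same version, 1 = skew, 2 = cannot tell
check_skew() {
    want=$(cli_openssl_version "$2")
    found=$(embedded_openssl_versions "$1")
    if [ -z "$want" ] || [ -z "$found" ]; then
        echo "unknown: no OpenSSL banner in $1 (dynamically linked? use ldd)"
        return 2
    fi
    for v in $found; do
        if [ "$v" != "$want" ]; then
            echo "skew: $1 carries OpenSSL $v, tools report $want"
            return 1
        fi
    done
    echo "ok: $1 and tools both report OpenSSL $want"
    return 0
}

# Constructed sample: a fake binary with an older banner (0.9.7d is made up
# for the demo; the thread does not say which earlier version was involved).
sample=$(mktemp)
printf 'ELF\000pad\000OpenSSL 0.9.7d 17 Mar 2004\000pad\n' > "$sample"
check_skew "$sample" "OpenSSL 0.9.8e 23 Feb 2007" || true
rm -f "$sample"
```

On a real host, pass the httpd binary or mod_ssl.so as the first argument and `"$(openssl version)"` as the second.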



Re: [users@httpd] Apache 2.2.4 self-signed SSL problem with openssl 0.9.8e on Solaris 10

Posted by "S.A. Birl" <sb...@temple.edu>.
On Aug 9, 2007, Dragon (nospam-dragon@crimson-dragon.com.ns) typed:

Dragon:  S.A. Birl wrote:
Dragon:  >  Greetings all:
Dragon:  >
Dragon:  >  I recently upgraded my server from Solaris 9 to Solaris 10.
Dragon:  >  I restored my self-signed CRT and privkey.pem from backup,
Dragon:  >  and restored all of my Apache files (minus the binaries) from
Dragon:  >  backup too.  Re-compiled httpd (just in case) and started it up.
Dragon:  >
Dragon:  >  Apache asked for the passphrase and accepted it, but my web browsers
Dragon:  >  won't connect to it.  SeaMonkey says "Data Transfer Interrupted"
Dragon:  >
Dragon:  >  https://concept.temple.edu/
Dragon:  >
Dragon:  >  Generated a new CSR and CRT with openssl 0.9.8e and tried again.
Dragon:  >  Same result.
Dragon:  >
Dragon:  >  Nothing in the error log; nothing in the access log, but lsof says
Dragon:  >  httpd is listening on 443.
Dragon:  >
Dragon:  >  I'm baffled.  What could I be overlooking?
Dragon:  >
Dragon:  >
Dragon:  >  Thanks
Dragon:  >   Birl
Dragon:  ---------------- End original message. ---------------------
Dragon:
Dragon:  The site came up in my browser (IE7) but showed a certificate error.
Dragon:  The error is that the certificate is not signed by a trusted authority.



Yes, that's why I said in the OP that it was "self-signed".

Interesting that it came up in IE7, as I confirmed it myself.
So other than it being self-signed, what other reason could there be?
All my other self-signed certificates worked in the past with the same
version of Apache, but an earlier version of openssl.


Thanks
 Birl

Please do not CC me responses to my own posts.
I'll read the responses on the list.

Archives   http://mail-archives.apache.org/mod_mbox/httpd-users/



Re: [users@httpd] Apache 2.2.4 self-signed SSL problem with openssl 0.9.8e on Solaris 10

Posted by Dragon <dr...@crimson-dragon.com>.
S.A. Birl wrote:
>Greetings all:
>
>I recently upgraded my server from Solaris 9 to Solaris 10.
>I restored my self-signed CRT and privkey.pem from backup,
>and restored all of my Apache files (minus the binaries) from
>backup too.  Re-compiled httpd (just in case) and started it up.
>
>Apache asked for the passphrase and accepted it, but my web browsers
>won't connect to it.  SeaMonkey says "Data Transfer Interrupted"
>
>https://concept.temple.edu/
>
>Generated a new CSR and CRT with openssl 0.9.8e and tried again.
>Same result.
>
>Nothing in the error log; nothing in the access log, but lsof says
>httpd is listening on 443.
>
>I'm baffled.  What could I be overlooking?
>
>
>Thanks
>  Birl
---------------- End original message. ---------------------

The site came up in my browser (IE7) but showed a certificate error. 
The error is that the certificate is not signed by a trusted authority.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

