You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "S.A. Birl" <sb...@temple.edu> on 2007/08/23 21:16:52 UTC

[users@httpd] Fixed. Apache 2.2.4 self-signed SSL problem with openssl 0.9.8e on Solaris 10

On Aug 10, 2007, S.A. Birl (nospam-sbirl+Apache-List@temple.edu.ns) typed:

Birl:  On Aug 9, 2007, Dragon (nospam-dragon@crimson-dragon.com.ns) typed:
Birl:
Birl:  Dragon:  S.A. Birl wrote:
Birl:  Dragon:  >  Greetings all:
Birl:  Dragon:  >
Birl:  Dragon:  >  I recently upgraded my server from Solaris 9 to Solaris 10.
Birl:  Dragon:  >  I restored my self-signed CRT and privkey.pem from backup,
Birl:  Dragon:  >  and restored all of my Apache files (minus the binaries) from
Birl:  Dragon:  >  backup too.  Re-compiled httpd (just in case) and started it up.
Birl:  Dragon:  >
Birl:  Dragon:  >  Apache asked for the passphrase and accepted it, but my web browsers
Birl:  Dragon:  >  wont connect to it.  SeaMonkey says "Data Transfer Interrupted"
Birl:  Dragon:  >
Birl:  Dragon:  >  https://concept.temple.edu/
Birl:  Dragon:  >
Birl:  Dragon:  >  Generating a new CSR and CRT with openssl 0.9.8e and tried again.
Birl:  Dragon:  >  Same result.
Birl:  Dragon:  >
Birl:  Dragon:  >  Nothing in the error log; nothing in the access log, but lsof says
Birl:  Dragon:  >  httpd is listening on 443.
Birl:  Dragon:  >
Birl:  Dragon:  >  Im baffled.  What could I be over-looking?
Birl:  Dragon:  >
Birl:  Dragon:  >
Birl:  Dragon:  >  Thanks
Birl:  Dragon:  >   Birl
Birl:  Dragon:  ---------------- End original message. ---------------------
Birl:  Dragon:
Birl:  Dragon:  The site came up in my browser (IE7) but showed a certificate error.
Birl:  Dragon:  The error is that the certificate is not signed by a trusted authority.
Birl:
Birl:
Birl:
Birl:  Yes, that's why I said in the OP that it was "self-signed".
Birl:
Birl:  Interesting that it came up in IE7, as I confirmed it myself.
Birl:  So other than it being self-signed, what other reason could there be?
Birl:  All my other self-signed certificates worked in the past with the same
Birl:  version of Apache, but an earlier version of openssl.



I finally got around to correcting this.  OpenSSL conflict.

The earlier version of openssl compiled into Apache didnt like my
self-signed certificate with the later version of openssl.

Once I re-compiled Apache, everything worked like a charm.

I figured Id share.

-- Birl

Please do not CC me responses to my own posts.
I'll read the responses on the list.

Archives   http://mail-archives.apache.org/mod_mbox/httpd-users/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org