Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/06/28 05:04:01 UTC
DO NOT REPLY [Bug 21160] New: - SSL certificate chain handling suddenly fails to work properly
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21160
Summary: SSL certificate chain handling suddenly fails to work properly
Product: Apache httpd-2.0
Version: 2.0.45
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Other
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: d.tonhofer@m-plify.com
There is as yet not much information here; I will have to try a few things
first (next week, not today, it's about 05:00). But here is what happens:
Apache has been configured with three IP-based virtual servers on three
different IP addresses. On each of these addresses, we have an SSL server, thus
three SSL servers in total.
One with a self-signed root CA certificate: ROOT->C1->SSL virtual host
Two with an 'official' CA certificate: ROOT->C1->C2->SSL virtual host
Everything has been configured, Apache has been happily chugging along...
But then...
After a restart, Apache goes through the SSL virtual servers and asks the
password for each of the three private keys (good). After this, it fails (bad)
with the following error in the error log:
"Failed to configure CA certificate chain!"
(Some additional info would have been of use, too)
The weird thing is that the configuration for SSL had not changed at all. Thus
the production server was suddenly dead in the water w/o reason.
Also, each of the SSL virtual servers works if it is the only one in the
config file. Certain pairs also work, but not all.
Finally, 'openssl verify' does not find anything amiss with the CA chains.
So, that's all for now. More to follow (hopefully)
What is this server:
Apache/2.0.45 + mod_ssl/2.0.45 + OpenSSL/0.9.7b
on a RH7.3 OS with gcc-2.96-110 and glibc-2.2.5-39
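The report says each SSL virtual host starts alone while some pairs fail, so a first triage step is to list which certificate and chain files each host references and which files they have in common. The following is an added example, not part of the original report or of httpd; the addresses and paths in the sample configuration are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# mod_ssl directives that point at certificate, key or CA material.
SSL_FILE_DIRECTIVES = {"sslcertificatefile", "sslcertificatekeyfile",
                       "sslcertificatechainfile", "sslcacertificatefile",
                       "sslcacertificatepath"}

# Constructed sample: three IP-based SSL vhosts; addresses and paths are made up.
SAMPLE_CONF = """
<VirtualHost 192.0.2.1:443>
    SSLCertificateFile /etc/httpd/ssl/a.crt
    SSLCertificateChainFile /etc/httpd/ssl/private-chain.crt
</VirtualHost>
<VirtualHost 192.0.2.2:443>
    SSLCertificateFile /etc/httpd/ssl/b.crt
    SSLCertificateChainFile /etc/httpd/ssl/official-chain.crt
</VirtualHost>
<VirtualHost 192.0.2.3:443>
    SSLCertificateFile /etc/httpd/ssl/c.crt
    SSLCertificateChainFile "/etc/httpd/ssl/official-chain.crt"
</VirtualHost>
"""

def inventory(conf_text):
    """Return {vhost address: {lowercased directive: path}}."""
    vhosts, current = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = opened.group(1).strip()
            vhosts[current] = {}
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and line and not line.startswith("#"):
            parts = line.split(None, 1)  # directive name, then its argument
            if len(parts) == 2 and parts[0].lower() in SSL_FILE_DIRECTIVES:
                vhosts[current][parts[0].lower()] = parts[1].strip('"')
    return vhosts

def shared_files(vhosts):
    """Map each path referenced by more than one vhost to those vhosts."""
    users = defaultdict(set)
    for addr, directives in vhosts.items():
        for path in directives.values():
            users[path].add(addr)
    return {p: sorted(a) for p, a in users.items() if len(a) > 1}

if __name__ == "__main__":
    print(shared_files(inventory(SAMPLE_CONF)))
```

The parser reads only directives inside `<VirtualHost>` blocks of the text it is given; it does not follow `Include` lines or pick up server-level SSL directives.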