--==_Exmh_1138031040_565P
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

and with explorer too.

Hello out there,

Ming.Yu=40jhuapl.edu said:
> had exactly the same problem when I compile my new Apache server (2.2.=

0)
> with mod_ssl. =A0To be short, I think you are using the packaged OpenSS=

L. =A0I
> fixed the problem by re-compiling the OpenSSL on the system with shared=


> option, but first remove the pre-installed OpenSSL package.=20

I've got the same problem. I compiled openssl-0.9.8a with Sun Forte Studi=
o 10.
doesn't matter, problem remains.

For the record. Created our own root-CA, signed it by himself,
Created server-certificate and signed it by the just created root-CA.
Loaded the root-CA into firefox/explorer and configured apache with the=20
server-certificate without errors.
firefox and explorer complain with unknown error, when initiated https-re=
quest.

On command-line, I've verified the certificate with
openssl verify -issuer_checks -CApath /var/opt/openssl /etc/opt/apache2/s=
sl.crt/server.crt

which results in
error 29 at 0 depth lookup:subject issuer mismatch

That seems the main problem.
Perhaps the creation of our root-CA/server-cert=20
process isn't correct. Or 0.9.8a isn't as tolerant as 0.9.7.
(we followed the same procedure, as with 0.9.7 a year ago.) So it's an=20
openssl-problem.

The web suggestes, that organisation-name of certificate and root-CA shou=
ld be=20
different in each/all parts of the name. But I'm a little bit unwilling t=
o=20
accept this argument, because it's unresonable to me. One difference shou=
ld be=20
sufficient. That the case in our process.

Thanks for commenting

Klaus

--=20
=22Sure, vi is user friendly.
It's just particular about who it makes friends with.=22 ;-)=20
_________________________
Klaus Elsbernd; System Administrator, BOFH =7C elsbernd=40dfki.uni=
-kl.de
Deutsches Forschungsz. f=FCr K=FCnstliche Intelligenz =7C DFKI GmbH, Geb.=
57/285
67657 Kaiserslautern; Germany Fernruf: 0631/205-3486 Fernbild: -3=
457



--==_Exmh_1138031040_565P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SunOS)
Comment: Exmh version 2.7.2 01/07/2005

iQCVAwUBQ9T5wGrOJahe3R7NAQLG/AP7B7sPgMsFnWjbhBX7yL6F6adJh00wHaWR
XYvXDLFyOiNserm9erdhIVwRPXfMLOdUyrHJ0DSiRGFQWTHqKq SbXNM9b8bCyDOn
iOwcReQFcjQfFKIIUM2uqLCDWBB+LLceaAGZrgHxAjIQ67m0Lp/AxfxfyPn+Cnxj
+tefh0CgN0M=
=ysKT
-----END PGP SIGNATURE-----

--==_Exmh_1138031040_565P--
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org