I was asked to renew an SSL certificate on our server, running Apache
2.0.52/Unix. So prior to me touching anything, the SSL stuff was
working.

I did a new CSR, generated a new key, and installed a new cert.crt
with appropriate changes to httpd.conf (I put them in a new
directory).

The test URL is this:

https://www.macnexus.org/customer/

Initially there was the error message (as presented via the above
URL) and the log had an ASN1 encoding error. I worked with Verisign
and we resolved the ASN1 encoding error.

However, the new certificate still will not work. The log shows:

[Thu Oct 26 11:10:02 2006] [warn] Init: Session Cache is not
configured [hint: SSLSessionCache]
[Thu Oct 26 11:10:03 2006] [notice] Digest: generating secret for
digest authentication ...
[Thu Oct 26 11:10:03 2006] [notice] Digest: done
[Thu Oct 26 11:10:04 2006] [notice] Apache/2.0.52 (Unix) DAV/2
PHP/4.3.9 mod_ssl/2.0.52 OpenSSL/0.9.7i configured -- resuming normal
operations
[Thu Oct 26 11:10:56 2006] [error] [client 67.100.211.10] Invalid
method in request \x16\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid
method in request \x16\x03
[Thu Oct 26 11:53:36 2006] [error] [client 24.10.96.107] Invalid
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:36 2006] [error] [client 24.10.96.107] Invalid
method in request \x16\x03
[Thu Oct 26 12:08:41 2006] [error] [client 205.178.191.148] Invalid
method in request \x16\x03\x01
[Thu Oct 26 12:33:35 2006] [error] [client 67.100.211.10] Invalid
method in request \x16\x03\x01


The whole thing is rather odd because this web site had working SSL
before I went to renew the certificate. The only thing I know is new
is that Verisign now (as of a month ago) requires you to install
their intermediate certificate and we never had to do that before.


I have reviewed httpd.conf and the 3 lines that would invoke ssl.conf
are commented out, so it is my belief that the server was working
before without loading ssl.conf settings. However, I have tried
uncommenting those lines just to see if anything changes, but it
really did not make a difference whether ssl.conf is called or not.

The httpd.conf does load mod_ssl in a one-line statement in there.

At this point I am baffled.

Bill Davies
Sacramento
my direct email is: bdavies - at - macnexus - dot - org
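
An added triage example, not part of the original post: the escaped bytes in the "Invalid method in request" lines above are the start of SSL/TLS client hellos that the server's HTTP request parser tried to read as a request line, which is what the log looks like when a listener answers in plain HTTP to a client speaking SSL. The function names and the SAMPLE excerpt (copied from the log above, still wrapped as in the mail) are this example's own.

```python
import re

# Tolerates the e-mail line wrap between "Invalid" and "method".
LINE_RE = re.compile(
    r"\[client (?P<ip>[\d.]+)\]\s+Invalid\s+method\s+in\s+request\s+"
    r"(?P<raw>(?:\\x[0-9a-fA-F]{2})+)")

VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

# Excerpt from the error log quoted in the post.
SAMPLE = r"""
[Thu Oct 26 11:10:56 2006] [error] [client 67.100.211.10] Invalid
method in request \x16\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid
method in request \x80\x85\x01\x03\x01
[Thu Oct 26 11:53:13 2006] [error] [client 24.10.96.107] Invalid
method in request \x16\x03
"""

def unescape(raw):
    """Turn the logged '\\xNN' escapes back into bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", raw))

def classify(data):
    # SSLv3/TLS record: content type 0x16 (handshake), then major.minor version.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 3:
            return "TLS handshake record, version byte not logged"
        return "TLS handshake record, " + VERSIONS.get((3, data[2]), "unknown 3.x")
    # SSLv2 record: high bit set, 15-bit length, message type 1 = CLIENT-HELLO,
    # followed by the highest version the client offers.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]
        ver = VERSIONS.get((data[3], data[4]), "unknown") if len(data) >= 5 else "unknown"
        return "SSLv2-format ClientHello (%d bytes), offering %s" % (length, ver)
    return "not a recognised SSL/TLS hello"

def triage(log_text):
    """Return (client_ip, classification) for each 'Invalid method' entry."""
    return [(m.group("ip"), classify(unescape(m.group("raw"))))
            for m in LINE_RE.finditer(log_text)]

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE):
        print(ip, "->", verdict)
```
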