[CentOS] Re: self signed ssl cert on C5
Tom Diehl
tdiehl at rogueind.com
Thu Oct 25 22:45:44 UTC 2007
On Thu, 25 Oct 2007, Kai Schaetzl wrote:
> Tom Diehl wrote on Thu, 25 Oct 2007 14:54:19 -0400 (EDT):
>
>> error 18 at 0 depth lookup:self signed certificate
>> OK
>> (roadrunner pts1) #
>>
>> Am I correct that the above error is normal for a self signed cert?
>
> Seems so, yes. I get the same. I think your cert is okay. Your errors are
> all about *client* certificates, so the problem is with the certificate
> the client presents, not with the one you configured for the server.
> You seem to require a client certificate and either the client doesn't
> present you one or one that can't get verified. My knowledge about client
> certificates is limited, so I'm not sure about the exact reason.
I do not understand this either. I have done this a bunch of times on
el3 and el4 machines and it "just works". Something seems to be fubar
on the el5 machine. I even tried several different client machines and
browsers with the same result. FWIW, the machine is a new install, so this
is the first time I tried to activate ssl. rpm -V on mod_ssl shows nothing.
Could this be some kind of multiarch problem? FWIW, I have the following
openssl packages installed on the machine:
(roadrunner pts1) # yum list openssl\*
...
Installed Packages
openssl.x86_64 0.9.8b-8.3.el5_0.2 installed
openssl-devel.x86_64 0.9.8b-8.3.el5_0.2 installed
openssl-perl.x86_64 0.9.8b-8.3.el5_0.2 installed
openssl097a.x86_64 0.9.7a-9 installed
Available Packages
openssl.i686 0.9.8b-8.3.el5_0.2 updates
openssl-devel.i386 0.9.8b-8.3.el5_0.2 updates
(roadrunner pts1) #
I am really at a loss on this one.
Regards,
--
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com
More information about the CentOS
mailing list