On Thu, 25 Oct 2007, Kai Schaetzl wrote:
Tom Diehl wrote on Thu, 25 Oct 2007 14:54:19 -0400 (EDT):
error 18 at 0 depth lookup:self signed certificate OK (roadrunner pts1) #
Am I correct that the above error is normal for a self signed cert?
Seems so, yes. I get the same. I think your cert is okay. Your errors are all about *client* certificates, so the problem is with the certificate the client presents, not with the one you configured for the server. You seem to require a client certificate and either the client doesn't present you one or one that can't get verified. My knowledge about client certificates is limited, so I'm not sure about the exact reason.
I do not understand this either. I have done this a bunch of times on el3 and el4 machines and it "just works". Something seems to be fubar on the el5 machine. I even tried several different client machines and browsers with the same result. FWIW, the machine is a new install, so this is the first time I tried to activate ssl. rpm -V on mod_ssl shows nothing.
Could this be some kind of multiarch problem? FWIW, I have the following openssl packages installed on the machine:
(roadrunner pts1) # yum list openssl* ... Installed Packages openssl.x86_64 0.9.8b-8.3.el5_0.2 installed openssl-devel.x86_64 0.9.8b-8.3.el5_0.2 installed openssl-perl.x86_64 0.9.8b-8.3.el5_0.2 installed openssl097a.x86_64 0.9.7a-9 installed
Available Packages openssl.i686 0.9.8b-8.3.el5_0.2 updates openssl-devel.i386 0.9.8b-8.3.el5_0.2 updates (roadrunner pts1) #
I am really at a loss on this one.
Regards,