[CentOS] Re: self signed ssl cert on C5

Thu Oct 25 22:37:45 UTC 2007
Tom Diehl <tdiehl at rogueind.com>

On Thu, 25 Oct 2007, Paul Heinlein wrote:

> On Thu, 25 Oct 2007, Tom Diehl wrote:
>
>> OK, so I changed the Makefile from localhost to match the actual hostname
>> of the machine. I then ran "make testcert" as suggested above and answered 
>> the questions as appropriate. It then generated the cert without errors. I 
>> then modified ssl.conf to point to the .key file and the .crt file, 
>> restarted apache.
>> 
>> Everything looked OK in the logs. I then pointed a browser at the machine 
>> and I got the following errors in the ssl error log:
>> 
>> [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL: 
>> Write: SSLv3 read client certificate B
>> [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: 
>> Exit: error in SSLv3 read client certificate B
>> [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: 
>> Exit: error in SSLv3 read client certificate B
>
> Is SELinux enabled? Does your cert have the correct security context type 
> (probably httpd_config_t)?

I set SELinux to permissive to be sure it was out of the way before I posted.
In addition, the context on the certs is root:object_r:cert_t, which looks
correct to me.

Regards,

-- 
Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com