[CentOS] Re: self signed ssl cert on C5

Thu Oct 25 22:45:44 UTC 2007
Tom Diehl <tdiehl at rogueind.com>

On Thu, 25 Oct 2007, Kai Schaetzl wrote:

> Tom Diehl wrote on Thu, 25 Oct 2007 14:54:19 -0400 (EDT):
>
>> error 18 at 0 depth lookup:self signed certificate
>> OK
>> (roadrunner pts1) #
>>
>> Am I correct that the above error is normal for a self signed cert?
>
> Seems so, yes. I get the same. I think your cert is okay. Your errors are
> all about *client* certificates, so the problem is with the certificate
> the client presents, not with the one you configured for the server.
> You seem to require a client certificate and either the client doesn't
> present you one or presents one that can't get verified. My knowledge about client
> certificates is limited, so I'm not sure about the exact reason.

I do not understand this either. I have done this a bunch of times on 
el3 and el4 machines and it "just works". Something seems to be fubar
on the el5 machine. I even tried several different client machines and
browsers with the same result. FWIW, the machine is a new install, so this
is the first time I tried to activate ssl. rpm -V on mod_ssl shows nothing.

Could this be some kind of multiarch problem? FWIW, I have the following
openssl packages installed on the machine:

(roadrunner pts1) # yum list openssl\*
...
Installed Packages
openssl.x86_64                           0.9.8b-8.3.el5_0.2     installed
openssl-devel.x86_64                     0.9.8b-8.3.el5_0.2     installed
openssl-perl.x86_64                      0.9.8b-8.3.el5_0.2     installed
openssl097a.x86_64                       0.9.7a-9               installed

Available Packages
openssl.i686                             0.9.8b-8.3.el5_0.2     updates
openssl-devel.i386                       0.9.8b-8.3.el5_0.2     updates
(roadrunner pts1) #

I am really at a loss on this one.

Regards,

-- 
Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
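
The "error 18" question quoted above can be reproduced as follows. This is an added example, not part of the original message: it creates a throwaway self-signed certificate (the CN and file names are assumptions made up for the demo) and runs `openssl verify` on it twice, once against the default trust store and once with the certificate itself as trust anchor.

```shell
#!/bin/sh
# Constructed demo: throwaway key and certificate, nothing from the thread's server.

# Create a self-signed certificate in directory $1 (hypothetical CN).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=selfsigned.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Verify against the default trust store only. Newer OpenSSL exits non-zero
# here, while the 0.9.8 output in the thread shows the error followed by OK,
# so the exit status is ignored and only the text is inspected.
verify_default() {
    openssl verify "$1" 2>&1 || true
}

# Verify with the certificate itself supplied as the trust anchor.
verify_self_anchored() {
    openssl verify -CAfile "$1" "$1" 2>&1 || true
}

# Report whether the given verify output contains error 18.
has_error_18() {
    case "$1" in
        *"error 18 at 0 depth lookup"*) echo yes ;;
        *) echo no ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" || { rm -rf "$dir"; return 1; }
    echo "default store: error18=$(has_error_18 "$(verify_default "$dir/cert.pem")")"
    echo "self anchored: error18=$(has_error_18 "$(verify_self_anchored "$dir/cert.pem")")"
    rm -rf "$dir"
}

demo
```

Error 18 only says that the depth-0 certificate is its own issuer and is not in the trust store used for the check; it says nothing about whether the certificate file is malformed.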