[CentOS] SSl Certificate problem

Tom Diehl

tdiehl at rogueind.com
Fri Mar 28 22:37:43 UTC 2008


Hi,

I have a c4 server that I am trying to migrate an ssl site over to a new C5
machine with all of the updates. The certificate is an equifax cert and works
as advertised on the C4 server. When I move it over to the C5 machine I get
error in firefox that says error code -12227 which 
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is
an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means 
that "SSL peer was unable to negotiate an acceptable set of security
parameters."

If I try to open the site in IE, it prompts for a client certificate. This
fails because I am not using client certs.

In the apache config for ssl.conf I have "SSLVerifyClient none". I have also
tried setting it to "optional" with the same results.

In the past moving these sites to a different machine was as simple as
copying the certs and the config files over to the new machine, reloading
httpd and everyting just worked. Is there something different about ssl on
C5? Does anyone know a good way to troubleshoot this.

Google and the docs are not helping.

What am I missing?

Regards,

-- 
Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com




More information about the CentOS mailing list