Hi Tom, the location of SSL certificates changed from C4 to C5, certificates are located in /etc/pki/tls on C5. Apache is also a newer version on C5 (2.2 , 2.0 in C4). You should check your configs manually and change them accordingly. I can help you if you post your C4 config. Regards, Michel van Deventer On Fri, 2008-03-28 at 18:37 -0400, Tom Diehl wrote: > Hi, > > I have a c4 server that I am trying to migrate an ssl site over to a new C5 > machine with all of the updates. The certificate is an equifax cert and works > as advertised on the C4 server. When I move it over to the C5 machine I get > error in firefox that says error code -12227 which > http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is > an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means > that "SSL peer was unable to negotiate an acceptable set of security > parameters." > > If I try to open the site in IE, it prompts for a client certificate. This > fails because I am not using client certs. > > In the apache config for ssl.conf I have "SSLVerifyClient none". I have also > tried setting it to "optional" with the same results. > > In the past moving these sites to a different machine was as simple as > copying the certs and the config files over to the new machine, reloading > httpd and everyting just worked. Is there something different about ssl on > C5? Does anyone know a good way to troubleshoot this. > > Google and the docs are not helping. > > What am I missing? > > Regards, >