Hi Michel, On Sat, 29 Mar 2008, Michel van Deventer wrote: > Hi Tom, > > the location of SSL certificates changed from C4 to C5, certificates are > located in /etc/pki/tls on C5. Apache is also a newer version on C5 > (2.2 , 2.0 in C4). You should check your configs manually and change > them accordingly. I can help you if you post your C4 config. Thanks for the offer. I figured out the problem after a few more hours. A while back I was trying to get Koji working on the same machine but I never succeeded. I gave up on it but forgot to nuke the broken ssl configs. Once I nuked the broken Koji configs, the ssl enabled virtual hosts started working. It turns out that with the exception of the ssl cert locations, the same settings I used on the C4 box will also work on the C5 box. Regards, -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com > > Regards, > > Michel van Deventer > > On Fri, 2008-03-28 at 18:37 -0400, Tom Diehl wrote: >> Hi, >> >> I have a c4 server that I am trying to migrate an ssl site over to a new C5 >> machine with all of the updates. The certificate is an equifax cert and works >> as advertised on the C4 server. When I move it over to the C5 machine I get >> error in firefox that says error code -12227 which >> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is >> an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means >> that "SSL peer was unable to negotiate an acceptable set of security >> parameters." >> >> If I try to open the site in IE, it prompts for a client certificate. This >> fails because I am not using client certs. >> >> In the apache config for ssl.conf I have "SSLVerifyClient none". I have also >> tried setting it to "optional" with the same results. >> >> In the past moving these sites to a different machine was as simple as >> copying the certs and the config files over to the new machine, reloading >> httpd and everyting just worked. Is there something different about ssl on >> C5? Does anyone know a good way to troubleshoot this. >> >> Google and the docs are not helping. >> >> What am I missing? >> >> Regards, >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >