Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 10 Nov 2000 07:21:54 +1300
From:      "Dan Langille" <dan@langille.org>
To:        freebsd-questions@freebsd.org
Subject:   certficiate problems with OpenSSL
Message-ID:  <200011091822.HAA64242@ducky.nz.freebsd.org>

next in thread | raw e-mail | index | archive | help
Under FreeBSD 4.1-stable, I just installed apache+mod_ssl-1.3.14+2.7.1

When I try to browse to this server, I get the following message from 
Netscape:

"SSL has recieved an error from the server indicating an incorrect 
Message Authentication Code.  This could indicate a network error, a 
bad server implementation, or a security violation."

Associated with the above message are the following lines from 
/var/log/apache_error_log:

[error] mod_ssl: SSL handshake failed (server new.host.name:443, 
client 192.168.0.99) (OpenSSL library error follows)
[error] OpenSSL: error:0407106B::lib(4) :func(113) :reason(107)
[error] OpenSSL: error:04065072::lib(4) :func(101) :reason(114)
[error] OpenSSL: error:1408F071::lib(20) :SSL3_GET_RECORD:bad 
mac decode [Hint: Browser still remembered details of a re-created 
server certificate?]

And following the instructions for creating a real SSL server Certificate 
as found in the mod_ssl manual, I issued the following command, which 
failed.

Any clues?

# openssl genrsa -des3 -out server.key 1024 
1120 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.....+++++
....x...........+++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Verify failure
64231:error:0906406D:PEM routines:DEF_CALLBACK:problems getting 
password:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/
pem_lib.c:99:
64231:error:0906906F:PEM routines:PEM_ASN1_write_bio:read 
key:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_li
b.c:315:
--
Dan Langille
The FreeBSD Diary - http://www.freebsddiary.org/
FreshPorts        - http://freshports.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011091822.HAA64242>