From owner-freebsd-questions Thu Nov 9 10:22:26 2000 Delivered-To: freebsd-questions@freebsd.org Received: from ducky.nz.freebsd.org (ns1.unixathome.org [203.79.82.27]) by hub.freebsd.org (Postfix) with ESMTP id 1788D37B479 for ; Thu, 9 Nov 2000 10:22:23 -0800 (PST) Received: from wocker (wocker.int.nz.freebsd.org [192.168.0.99]) by ducky.nz.freebsd.org (8.9.3/8.9.3) with ESMTP id HAA64242 for ; Fri, 10 Nov 2000 07:22:19 +1300 (NZDT) Message-Id: <200011091822.HAA64242@ducky.nz.freebsd.org> From: "Dan Langille" Organization: langille.org To: freebsd-questions@freebsd.org Date: Fri, 10 Nov 2000 07:21:54 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: certficiate problems with OpenSSL Reply-To: dan@langille.org X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Under FreeBSD 4.1-stable, I just installed apache+mod_ssl-1.3.14+2.7.1 When I try to browse to this server, I get the following message from Netscape: "SSL has recieved an error from the server indicating an incorrect Message Authentication Code. This could indicate a network error, a bad server implementation, or a security violation." Associated with the above message are the following lines from /var/log/apache_error_log: [error] mod_ssl: SSL handshake failed (server new.host.name:443, client 192.168.0.99) (OpenSSL library error follows) [error] OpenSSL: error:0407106B::lib(4) :func(113) :reason(107) [error] OpenSSL: error:04065072::lib(4) :func(101) :reason(114) [error] OpenSSL: error:1408F071::lib(20) :SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?] And following the instructions for creating a real SSL server Certificate as found in the mod_ssl manual, I issued the following command, which failed. Any clues? # openssl genrsa -des3 -out server.key 1024 1120 semi-random bytes loaded Generating RSA private key, 1024 bit long modulus .....+++++ ....x...........+++++ e is 65537 (0x10001) Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: Verify failure 64231:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/ pem_lib.c:99: 64231:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/pem/pem_li b.c:315: -- Dan Langille The FreeBSD Diary - http://www.freebsddiary.org/ FreshPorts - http://freshports.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message