On 17/05/10 13:36, Eric Covener wrote:
Can you show in one terminal session the contents of the two certificates (openssl x509 -in ... -text | grep Subject:) and the console output of s_client that includes the subject? According to one of the active SNI folks, your openssl invocation shouldn't even be providing the SNI extension (by default).

rvicinus@laprvicinus:~$ openssl x509 -in /etc/apache2/conf/www.aaa.at.crt -text | grep Subject:
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.aaa.at
rvicinus@laprvicinus:~$ openssl x509 -in /etc/apache2/conf/www.aaa.de.crt -text | grep Subject:
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=www.aaa.de
rvicinus@laprvicinus:~$ openssl s_client -connect 10.137.1.104:9902
CONNECTED(00000003)
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICKzCCAZQCCQCCxKenRx3iHjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMRMwEQYDVQQDEwp3d3cuYWFhLmF0MB4XDTEwMDUxNjE4MDY1NloX
DTExMDUxNjE4MDY1NlowWjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3Rh
dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMK
d3d3LmFhYS5hdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5E3U6jkB8qLK
s5JUvzzr++Tw/POKpMQmPtXjgSjypcXCP4ckdCByULJve2fL9wR4ESWn4fsD1kJy
LbWlv/ZZxfrza7lrv5Ho/l2gVz/MBmeQbXLVs6JriwiXS8pISPxOdOEzoLbtib8t
Abu+521cKkgeRsSBuPFVzTcxbCbdBC8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAf
n97K6AoWDD1uvR4mtXGVGUycC/JLmZWSpmfEjHXDfn/PMj9lPbTLdmSB1QcAqwgY
ajBmKxs5ZEOREG46m++W5LLph92ZL3ze6Qi25k2Zr89cSOYF48yhllb9vo1KoPsb
Trf9QO804NI2Cok/K8pR4ZPr+MNlO6cXl1/4ohIPCQ==
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
---
No client certificate CA names sent
---
SSL handshake has read 1130 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 9C923E93124DDECF8B9D85D91898E8DD2AC19029A7FB0C0F53540407CEE4C7D7
    Session-ID-ctx:
    Master-Key: 2B12F0CFD2851431429FE3EF0A9241FB0B7BFC45223DE7C4AC29CA8B3752D83AE4BDA966D0EB46D126B4128C6AF67E73
    Key-Arg : None
    Start Time: 1274097529
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx