On Thu, 25 Oct 2007, Paul Heinlein wrote:
On Thu, 25 Oct 2007, Tom Diehl wrote:
Ok, So I changed the Makefile from localhost to match the actual hostname
of the machine. I then ran "make testcert" as suggested above and answered
the questions as appropriate. It then generated the cert without errors. I
then modified ssl.conf to point to the .key file and the .crt file,
restarted apache.
Everything looked OK in the logs. I then pointed a browser at the machine
and I got the following errors in the ssl error log:
[Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL:
Write: SSLv3 read client certificate B
[Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL:
Exit: error in SSLv3 read client certificate B
[Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL:
Exit: error in SSLv3 read client certificate B
Is SELinux enabled? Does your cert have the correct security context type
(probably httpd_config_t)?
I set SELinux to permissive to be sure it was out of the way before I posted.
In addition the context on the certs is root:object_r:cert_t which looks
correct to me.
Regards,
--
Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
