Hi,
I have a c4 server that I am trying to migrate an ssl site over to a new C5
machine with all of the updates. The certificate is an equifax cert and works
as advertised on the C4 server. When I move it over to the C5 machine I get
error in firefox that says error code -12227 which
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is
an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means
that "SSL peer was unable to negotiate an acceptable set of security
parameters."
If I try to open the site in IE, it prompts for a client certificate. This
fails because I am not using client certs.
In the apache config for ssl.conf I have "SSLVerifyClient none". I have also
tried setting it to "optional" with the same results.
In the past moving these sites to a different machine was as simple as
copying the certs and the config files over to the new machine, reloading
httpd and everyting just worked. Is there something different about ssl on
C5? Does anyone know a good way to troubleshoot this.
Google and the docs are not helping.
What am I missing?
Regards,
--
Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
