SSl Certificate problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

I have a c4 server that I am trying to migrate an ssl site over to a new C5
machine with all of the updates. The certificate is an equifax cert and works
as advertised on the C4 server. When I move it over to the C5 machine I get
error in firefox that says error code -12227 which http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means that "SSL peer was unable to negotiate an acceptable set of security
parameters."

If I try to open the site in IE, it prompts for a client certificate. This
fails because I am not using client certs.

In the apache config for ssl.conf I have "SSLVerifyClient none". I have also
tried setting it to "optional" with the same results.

In the past moving these sites to a different machine was as simple as
copying the certs and the config files over to the new machine, reloading
httpd and everyting just worked. Is there something different about ssl on
C5? Does anyone know a good way to troubleshoot this.

Google and the docs are not helping.

What am I missing?

Regards,

--
Tom Diehl		tdiehl@xxxxxxxxxxxx		Spamtrap address mtd123@xxxxxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux