Re: Certificate problem
On (29/05/06 11:22), Hans du Plooy wrote:
> Hi guys,
> I setup ISPconfig on Debian Sarge, and when trying to log into the web
> interface, I get the following message from Firefox:
> "Could not establish an encrypted connection because certificate
> presented by server.domain.tld is invalid or corrupted. Error Code:
> Konqueror warns me that there's a problem, but allows me to go ahead
> anyway, and the webinterface works fine. So it looks like a pure
> certificate problem, not any problem with ISPconfig itself. There is a
> solution to this problem - recreating the certificates, but I've done
> that and it doesn't solve the problem.
> Has anyone seen this before, know where to look?
I'm not sure that I have seen this error before, but the following
things might help.
openssl verify -verbose /path/to/cert
Check that the server has the key corresponding to the certificate
openssl x509 -text -noout -in /path/to/cert
openssl s_client -host server.domain.tld -port 443
If the last one starts to work then complains about not being able to
verify a certificate, and you use CA certificates look at the options
for s_client and provide the necessary certificates so it can verify.
If you use certificate directories in your apache config use c_rehash on
the directory (make sure it prints some output).
I saw a problem the other day where I generated certs on one system
using sha256, then moved them to another system using an older openssl
which didn't have sha256, which caused some strange errors. Are you
using two different openssl versions.
Also are you using openssl or gnutls at each end?
I assume you meant this?
Hope this helps,