
Re: SSL received a record that exceeded the maximum permissible length

Yes, I imported the CA certificate in my browser.

At this point, I don't know if there is a problem with the certificate or the setup of Apache.


On Sat, Feb 20, 2010 at 10:13 PM, Stephen Powell <zlinuxman@wowway.com> wrote:
On Sat, 20 Feb 2010 21:14:36 -0500 (EST), Bernard Fay wrote:
> I created a CA certificate and site certificate according to
> http://www.debian-administration.org/articles/618.
> I set it up in Apache under Debian Lenny.
> When I try to access the site, I receive the following message:
> Secure Connection Failed
> An error occurred during a connection to www.kingstongrant.com.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> What could be wrong?  Am I missing a module?  I have the following modules
> loaded in Apache.
> apache2ctl -M
> Loaded Modules:
> core_module (static)
> log_config_module (static)
> logio_module (static)
> mpm_prefork_module (static)
> http_module (static)
> so_module (static)
> alias_module (shared)
> auth_basic_module (shared)
> authn_file_module (shared)
> authz_default_module (shared)
> authz_groupfile_module (shared)
> authz_host_module (shared)
> authz_user_module (shared)
> autoindex_module (shared)
> cgi_module (shared)
> deflate_module (shared)
> dir_module (shared)
> env_module (shared)
> mime_module (shared)
> negotiation_module (shared)
> perl_module (shared)
> php5_module (shared)
> proxy_module (shared)
> proxy_http_module (shared)
> setenvif_module (shared)
> ssl_module (shared)
> status_module (shared)
> Syntax OK

You say you created a CA certificate and a site certificate on your site.
Let's call that site A.  So the web server on site A is using a site
certificate signed by a homemade CA certificate.  Now you try to do
a secure SSL connection to site A from site B.  But ...

Does site B have that homemade CA certificate installed in its
repository of trusted CAs?  If not, then it won't work.  I'm not sure
about a "record length exceeded" error; but I do know that if site
B does not have the CA certificate that signed the site certificate
that site A's web server is using installed in its database of trusted
CAs, TLS negotiation will certainly fail.
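
Added example, not part of the thread: one way to separate "certificate problem" from "Apache setup problem" is to look at the first bytes the server sends, because ssl_error_rx_record_too_long is reported when those bytes do not parse as a TLS record, which typically happens when the port answers in plain HTTP. The function name and the sample byte strings below are constructed for illustration.

```python
import struct

# TLS record header: 1-byte content type, 2-byte version, 2-byte length.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment in TLS 1.0-1.2


def classify_first_bytes(data: bytes) -> dict:
    """Read the first bytes from a server the way a TLS client would."""
    if len(data) < 5:
        return {"verdict": "short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    result = {
        "content_type": CONTENT_TYPES.get(ctype, "invalid (0x%02x)" % ctype),
        "version": (major, minor),
        "length": length,
        "length_exceeds_max": length > MAX_RECORD_LEN,
    }
    if ctype in CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        # Well-formed record: TLS is being spoken, so any remaining failure
        # is about the handshake or the certificate, not the listener.
        result["verdict"] = "tls"
    elif data[:5] == b"HTTP/" or data[:1] == b"<":
        # ASCII text misread as a header: "HTTP/" gives length 0x502f.
        result["verdict"] = "plaintext"
    else:
        result["verdict"] = "unknown"
    return result


# Constructed samples (not captured from the site in the thread).
SAMPLE_TLS = b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46\x03\x01"
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\nServer: Apache\r\n\r\n"
SAMPLE_HTML = b"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">"

if __name__ == "__main__":
    for name, sample in [("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP),
                         ("html", SAMPLE_HTML)]:
        print(name, classify_first_bytes(sample))
```

A "plaintext" verdict on port 443 points at the virtual host configuration (SSL not enabled on that listener) rather than at the certificate or the CA.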
