LinuxQuestions.org
Old 10-09-2004, 04:52 AM   #1
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
openssl log


I have set up Apache and mod_ssl, openssl.

In the error log of https I found that record:

Code:
[Fri Oct  8 07:34:20 2004] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct  8 11:07:29 2004] [error] mod_ssl: SSL handshake failed (server server.com:443, client A.B.C.D) (OpenSSL library error follows)
Do you know what that means?
Somebody tried to alter the certificate?
 
Old 10-10-2004, 06:47 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,744
Blog Entries: 54

Rep: Reputation: 2973
If this is a self-signed cert, then the daemon probably doesn't have access to the certificate authority (CA) data to verify which CA the cert is talking about. If the daemon can't read the default location /usr/share/ssl/your-CA-files/ then you could copy the CA data to the appropriate daemon config (sub)dir. Make sure permissions on the files are as restrictive as possible.
 
Old 10-10-2004, 08:24 AM   #3
dominant
Member
 
Registered: Jan 2004
Posts: 409

Original Poster
Rep: Reputation: 30
So you mean that the directory that contains the .crt and .key files must be accessible by Apache?
 
Old 10-12-2004, 05:37 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,744
Blog Entries: 54

Rep: Reputation: 2973
yes
 
Old 10-13-2004, 02:50 AM   #5
dominant
Member
 
Registered: Jan 2004
Posts: 409

Original Poster
Rep: Reputation: 30
It is (readable by Apache). But that error persists, however.
 
Old 10-14-2004, 04:50 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,744
Blog Entries: 54

Rep: Reputation: 2973
OK. Give us the details, maybe someone is willing to try and reproduce it.
 
Old 10-15-2004, 03:43 AM   #7
dominant
Member
 
Registered: Jan 2004
Posts: 409

Original Poster
Rep: Reputation: 30
You mean someone at the client side. Therefore I cannot do anything more, or not?
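
Added example (not part of any post in this thread): a decoder for the OpenSSL error code in the log line from post #1, useful when triaging mod_ssl handshake failures in an error log. It assumes the error packing used by OpenSSL 1.x and earlier (8-bit library, 12-bit function, 12-bit reason); the function and table names are chosen for this example.

```python
import re

# OpenSSL 1.x and earlier pack an error code as:
#   library (8 bits) | function (12 bits) | reason (12 bits)
ERR_LIB_SSL = 0x14
# In the SSL library, reason codes from 1000 up are 1000 + the number of a
# TLS alert that was received from the peer.
SSL_AD_REASON_OFFSET = 1000

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

# Matches "error:<8 hex digits>:<library>:<function>:<reason text>"
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")

# Log line taken from post #1 of this thread.
SAMPLE_LINE = ("[Fri Oct  8 07:34:20 2004] [error] OpenSSL: "
               "error:14094418:SSL routines:SSL3_READ_BYTES:"
               "tlsv1 alert unknown ca")


def decode_openssl_error(line):
    """Split an OpenSSL error string into its packed fields.

    Returns None when the line carries no OpenSSL error code.
    """
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "function_name": m.group(3), "text": m.group(4).strip(),
            "peer_alert": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (number, TLS_ALERTS.get(number, "alert_%d" % number))
    return info


if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE_LINE))
```

For the line in post #1 this yields library 20 (SSL), reason 1048 and alert 48 (unknown_ca) raised in SSL3_READ_BYTES, which is the code path that reads records sent by the peer: the alert was received by the server from the client.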
 
  

