LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   openssl log (https://www.linuxquestions.org/questions/linux-security-4/openssl-log-240493/)

dominant 10-09-2004 03:52 AM

openssl log
 
I have setup Apache and mod_ssl, openssl

in the error log of https i found that reccord

Code:

[Fri Oct  8 07:34:20 2004] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
[Fri Oct  8 11:07:29 2004] [error] mod_ssl: SSL handshake failed (server server.com:443, client A.B.C.D) (OpenSSL library error follows)

Do you know what that means?
Somebody tried to alter the certificate?

unSpawn 10-10-2004 05:47 AM

If this is a self-signed cert, then the daemon probably doesn't have access to the certificate authority (CA) data to verify which CA the cert is talking about. If the daemon can't read default location /usr/share/ssl/your-CA-files/ then you could copy the CA data to the appropriate daemon config (sub)dir. Make sure permissions on the files should be as restrictive as possible.

dominant 10-10-2004 07:24 AM

So you mean that the directory that contains the .crt and .key files must be accessible by the Apache?

unSpawn 10-12-2004 04:37 PM

yes

dominant 10-13-2004 01:50 AM

It is (readable by Apache). But that erroe persists, however.

unSpawn 10-14-2004 03:50 PM

OK. Give us the details, maybe someone is willing to try and reproduce it.

dominant 10-15-2004 02:43 AM

You mean someone at the client side. Therefore i cannot do anything more, or not?


All times are GMT -5. The time now is 04:44 AM.