ssl_error_handshake_failure_alert on https site - localhost
Hi all,
I am trying to configure a local https server but I get this message: "ssl_error_handshake_failure_alert". I configured my apache and made cert and key files from this article, following section 1B: http://www.tc.umn.edu/~brams006/selfsign.html I tried to add the server.crt and ca.crt files in firefox, but it didn't help. I googled and didn't find any information. I also tried with a 1024bit key. Can anyone suggest something?
Initially I'd suggest increasing logging and looking at things in more detail. A good way is to use a tool like curl with the -v option to see what a client thinks about the certificate. Most common thing would be something like a host name mismatch or a broken ca chain.
As you suppose ca.crt is broken or something. I tried to build it again from the how-to. Unfortunately the same error occurs and I have no idea what to do.
Here is what curl gives
Code:
debian:/etc/ssl/ssl.crt# curl -v https://localhost
Code:
debian:/etc/ssl/ssl.crt# curl -k -v https://localhost
Code:
openssl genrsa -des3 -out ca.key 4096
Hmm, add a few more -v's, I'd guess that it could be something like your server not providing a suitable cipher suite to agree on. Personally my style would be to capture the exchange in wireshark and step through it in real detail there. Can you print out the cert? "openssl x509 -noout -text -in server.crt" if I remember right.
Here is the output
Code:
debian:/etc/ssl/ssl.crt# openssl x509 -noout -text -in server.crt
Incorrect time maybe...
make sure you have the correct time settings,
correct time server config in /etc/ntp.conf
service ntpd stop
ntpdate time.server.com
service ntpd start
hwclock --systohc
#check:
ntpq -p
date
Today when I started the pc the previous error didn't appear. In its place I get this when I run curl
Code:
debian:/etc/apache2/sites-enabled# curl -v https://localhost
I didn't have ntp installed. I installed it and tried to run some of the commands you provided, but I get errors (I am not so skilled). I tried to change the date of the pc since I barely remember I did that when I configured openvpn with ssl on another machine and there that was the problem. I tried to change the date to a few days ahead and beyond the current date, but that didn't help. I think the handshake is OK now (maybe after the restart). What is that with the unknown protocol thing?
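The causes raised in the replies above (broken CA chain, host name mismatch, certificate dates versus the system clock) can be checked offline with openssl. This is an added example, not part of the original thread; the file names, the CA subject and the unencrypted 2048-bit keys are assumptions chosen so it runs without prompts.

```shell
#!/bin/sh
# Added example: throwaway CA + server certificate, then the checks named in
# the thread. Keys are unencrypted 2048-bit RSA so nothing prompts (assumption;
# the thread's how-to uses -des3 and 4096 bits). All subjects are constructed.

# make_chain DIR CN: write ca.key, ca.crt, server.key, server.crt into DIR.
make_chain() {
    dir=$1; cn=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 30 -key "$dir/ca.key" \
        -subj "/CN=Constructed Test CA" -out "$dir/ca.crt"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr"
    openssl x509 -req -days 30 -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null
}

# check_cert CERT CA HOST: print one line per check, return the failure count.
check_cert() {
    cert=$1; ca=$2; host=$3; fails=0
    # Chain: is CERT signed by CA? (also fails if the clock is outside the
    # validity window, the "incorrect time" case)
    out=$(openssl verify -CAfile "$ca" "$cert" 2>&1) || true
    case $out in
        *": OK") echo "chain: OK" ;;
        *) echo "chain: FAIL $(echo "$out" | grep 'error [0-9]')"
           fails=$((fails + 1)) ;;
    esac
    # Host name: does the name the client connects to match the certificate?
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"
    then echo "host name: OK"
    else echo "host name: FAIL ($host not in certificate)"; fails=$((fails + 1))
    fi
    # Dates: show the window next to the system clock for comparison.
    openssl x509 -in "$cert" -noout -dates
    echo "now=$(date -u)"
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null
    then echo "expiry: OK"
    else echo "expiry: FAIL (certificate has expired)"; fails=$((fails + 1))
    fi
    return "$fails"
}

tmp=$(mktemp -d)
make_chain "$tmp" localhost
check_cert "$tmp/server.crt" "$tmp/ca.crt" localhost
```

To check existing files instead, call check_cert with the real server.crt, ca.crt and the host name used in the URL.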