httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reinhard Vicinus <r.vici...@metaways.de>
Subject Re: [users@httpd] ssl certifikate mismatch
Date Mon, 17 May 2010 12:01:26 GMT
On 17/05/10 13:36, Eric Covener wrote:
> Can you show in one terminal session the contents of the two
> certificates (openssl x509 -in ... -text | grep Subject:) and the
> console output of s_client that includes the subject?
>
> According to one of the active SNI folks, your openssl invocation
> shouldn't even be providing the SNI extension (by default).
>    
rvicinus@laprvicinus:~$ openssl x509 -in 
/etc/apache2/conf/www.aaa.at.crt -text | grep Subject:
         Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, 
CN=www.aaa.at

rvicinus@laprvicinus:~$ openssl x509 -in 
/etc/apache2/conf/www.aaa.de.crt -text | grep Subject:
         Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, 
CN=www.aaa.de

rvicinus@laprvicinus:~$ openssl s_client -connect 10.137.1.104:9902
CONNECTED(00000003)
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
verify return:1
---
Certificate chain
  0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
    i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICKzCCAZQCCQCCxKenRx3iHjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMRMwEQYDVQQDEwp3d3cuYWFhLmF0MB4XDTEwMDUxNjE4MDY1NloX
DTExMDUxNjE4MDY1NlowWjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3Rh
dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMK
d3d3LmFhYS5hdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5E3U6jkB8qLK
s5JUvzzr++Tw/POKpMQmPtXjgSjypcXCP4ckdCByULJve2fL9wR4ESWn4fsD1kJy
LbWlv/ZZxfrza7lrv5Ho/l2gVz/MBmeQbXLVs6JriwiXS8pISPxOdOEzoLbtib8t
Abu+521cKkgeRsSBuPFVzTcxbCbdBC8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAf
n97K6AoWDD1uvR4mtXGVGUycC/JLmZWSpmfEjHXDfn/PMj9lPbTLdmSB1QcAqwgY
ajBmKxs5ZEOREG46m++W5LLph92ZL3ze6Qi25k2Zr89cSOYF48yhllb9vo1KoPsb
Trf9QO804NI2Cok/K8pR4ZPr+MNlO6cXl1/4ohIPCQ==
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=www.aaa.at
---
No client certificate CA names sent
---
SSL handshake has read 1130 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
     Protocol  : TLSv1
     Cipher    : DHE-RSA-AES256-SHA
     Session-ID: 
9C923E93124DDECF8B9D85D91898E8DD2AC19029A7FB0C0F53540407CEE4C7D7
     Session-ID-ctx:
     Master-Key: 
2B12F0CFD2851431429FE3EF0A9241FB0B7BFC45223DE7C4AC29CA8B3752D83AE4BDA966D0EB46D126B4128C6AF67E73
     Key-Arg   : None
     Start Time: 1274097529
     Timeout   : 300 (sec)
     Verify return code: 18 (self signed certificate)




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message