tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GOMEZ Henri <hgo...@slib.fr>
Subject RE: SSL handshake failure URGENT
Date Fri, 15 Jun 2001 10:23:39 GMT
Could you retry with openssl s_client in full debug mode ?

-
Henri Gomez                 ___[_]____
EMAIL : hgomez@slib.fr        (. .)                     
PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 



>-----Original Message-----
>From: Jean-Etienne G. [mailto:jeg_ml@voila.fr]
>Sent: Friday, June 15, 2001 12:21 PM
>To: tomcat-user@jakarta.apache.org
>Subject: RE: SSL handshake failure URGENT
>
>
>So, every seems to be well configured, but I always get this
>handshake error, what could be the problem in that case ?
>
># openssl s_client -connect 127.0.0.1:8443 -cert cl_cert.pem 
>-key cl_key.pem -state         
>Enter PEM pass phrase:
>CONNECTED(00000003)
>SSL_connect:before/connect initialization
>SSL_connect:SSLv2/v3 write client hello A
>SSL3 alert read:fatal:handshake failure
>SSL_connect:error in SSLv2/v3 read server hello A
>
>
>> >ok now it's done, but same error
>> >HandShake Failure
>> >
>> >I made the new server request, the new server certification, 
>> >the new server x509 conversion, and the new server into tomcat 
>> >keystore importation
>> >
>> >(I send you the new server certificate)
>> >
>> >must we also replace to CN of the client ? (I didn't do it)
>> >maybe the CN of the CA ?
>> >
>> CN of you client could be what you want....
>> 
>> >
>> >> The problem is in the CN of the server cert :
>> >> 
>> >> replace CN=server by CN=thehostname !!!
>> >> 
>> >> Certificate:
>> >>     Data:
>> >>         Version: 3 (0x2)
>> >>         Serial Number: 2 (0x2)
>> >>         Signature Algorithm: md5WithRSAEncryption
>> >>         Issuer: C=FR, ST=France, L=Genvilliers, O=THE_ORG, 
>> >OU=UNIT, CN=ca
>> >>         Validity
>> >>             Not Before: Jun 14 08:47:55 2001 GMT
>> >>             Not After : Jun 14 08:47:55 2002 GMT
>> >>         Subject: C=FR, ST=France, O=THE_ORG, OU=UNIT, CN=server
>> >>         Subject Public Key Info:
>> >>             Public Key Algorithm: rsaEncryption
>> >>             RSA Public Key: (1024 bit)
>> >>                 Modulus (1024 bit):
>> >>                     00:f2:bc:0c:53:78:d3:08:85:b3:e1:70:7c:a8:d1:
>> >>                     f1:64:49:37:e0:83:48:ac:5c:18:51:93:fd:31:49:
>> >>                     12:24:3a:57:13:e0:3a:97:25:ee:29:f5:16:f2:da:
>> >>                     a7:fc:84:89:f6:50:53:2c:09:2a:a9:f5:91:b8:33:
>> >>                     a5:ec:2f:16:07:b8:bf:60:01:06:aa:cc:be:fd:a9:
>> >>                     85:04:22:25:2b:16:4d:49:b4:11:bc:0a:68:1c:95:
>> >>                     6c:a6:ad:8c:f4:ef:30:11:41:6e:cf:3b:ca:a6:6a:
>> >>                     e9:1b:bf:41:28:b0:5e:c8:03:8c:cb:22:ce:80:38:
>> >>                     3b:c3:9f:ac:e3:5e:77:cb:7b
>> >>                 Exponent: 65537 (0x10001)
>> >>         X509v3 extensions:
>> >>             X509v3 Basic Constraints: 
>> >>                 CA:FALSE
>> >>             Netscape Comment: 
>> >>                 OpenSSL Generated Certificate
>> >>             X509v3 Subject Key Identifier: 
>> >>                 
>> >44:3C:48:E2:82:B6:77:02:B1:90:84:D3:B0:CD:0C:18:6E:81:9F:7E
>> >>             X509v3 Authority Key Identifier: 
>> >>  
>> >> keyid:85:64:41:58:57:5F:91:5E:E1:A7:85:6B:CB:B7:F4:03:C4:F9:A8:31
>> >>  
>> >> DirName:/C=FR/ST=France/L=Genvilliers/O=THE_ORG/OU=UNIT/CN=ca
>> >>                 serial:00
>> >> 
>> >>     Signature Algorithm: md5WithRSAEncryption
>> >>         05:0a:10:ec:dd:04:9e:8d:bb:98:2d:82:8f:c5:a0:f7:6b:06:
>> >>         97:52:c0:a2:c0:f2:25:8c:81:41:a5:80:f2:1e:72:da:a5:d2:
>> >>         28:df:44:77:0f:6b:df:9a:1e:06:c7:83:6a:7d:40:89:96:1f:
>> >>         be:f5:2b:b2:fc:4c:91:a9:0c:89:e8:00:37:d5:a1:ab:a8:82:
>> >>         7b:92:d9:ba:e9:1b:57:3d:32:62:96:ba:29:1d:3f:9b:83:64:
>> >>         b8:92:37:74:16:4d:3f:be:bf:cf:25:70:03:05:06:de:d2:52:
>> >>         94:ff:6a:fc:0c:32:ef:aa:ab:63:6d:e1:77:56:fc:3f:32:c6:
>> >>         20:a8
>> >> 
>> >> 
>> >> 
>> >> -
>> >> Henri Gomez                 ___[_]____
>> >> EMAIL : hgomez@slib.fr        (. .)                     
>> >> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
>> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 
>> >> 
>> >
>> >
>> >__________________________________________________
>> >Voila vous propose une boite aux lettres gratuite sur Voila Mail:
>> >http://mail.voila.fr
>> >
>> >
>> 
>
>__________________________________________________
>Voila vous propose une boite aux lettres gratuite sur Voila Mail:
>http://mail.voila.fr
>
>
>

Mime
View raw message