On (29/05/06 11:22), Hans du Plooy wrote: > Hi guys, > > I setup ISPconfig on Debian Sarge, and when trying to log into the web > interface, I get the following message from Firefox: > > "Could not establish an encrypted connection because certificate > presented by server.domain.tld is invalid or corrupted. Error Code: > -8182" > > Konqueror warns me that there's a problem, but allows me to go ahead > anyway, and the webinterface works fine. So it looks like a pure > certificate problem, not any problem with ISPconfig itself. There is a > solution to this problem - recreating the certificates, but I've done > that and it doesn't solve the problem. > > Has anyone seen this before, know where to look? >
I'm not sure that I have seen this error before, but the following things might help. openssl verify -verbose /path/to/cert Check that the server has the key corresponding to the certificate available. openssl x509 -text -noout -in /path/to/cert http://www.google.co.uk/search?q=%22Error+Code%3A+-8182%22 openssl s_client -host server.domain.tld -port 443 If the last one starts to work then complains about not being able to verify a certificate, and you use CA certificates look at the options for s_client and provide the necessary certificates so it can verify. If you use certificate directories in your apache config use c_rehash on the directory (make sure it prints some output). I saw a problem the other day where I generated certs on one system using sha256, then moved them to another system using an older openssl which didn't have sha256, which caused some strange errors. Are you using two different openssl versions. Also are you using openssl or gnutls at each end? I assume you meant this? http://www.howtoforge.com/faq/14_63_en.html Hope this helps, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
