Hello, I have an Ubuntu server running Apache Friends' XAMPP and I used to have several name-based virtual hosts, each with a different RSA SSL certificate from my own CA, and it all worked just fine until I made my own Elliptic Curve CA using OpenSSL. I know there are no errors in the CA because I exported the client cert and the chain to a .pfx and installed it in the Microsoft certificate store on my laptop. Anyway, I get the error "Oops, no rsa or dsa server certificate found for domain". Here is the relevant config file:

Code:
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
    ServerName podaci.sgov.gov
    DocumentRoot /opt/lampp/htdocs/JWICS
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLProtocol +TLSv1
    SSLCipherSuite ALL:!ADH:!EXPORT56:+RSA:-MD5:+3DES:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL:+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    SSLCertificateFile /opt/lampp/etc/ssl.crt/gov.crt
    SSLCertificateKeyFile /opt/lampp/etc/ssl.key/gov.key
    SSLCACertificateFile /opt/lampp/etc/ssl.crt/root.crt
    SSLCertificateChainFile /opt/lampp/etc/ssl.crt/chain.crt
    <FilesMatch "\.(cgi|shtml|pl|asp|php)$">
        SSLOptions +StdEnvVars
        SSLOptions +ExportCertData
    </FilesMatch>
    BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

I've googled the issue for hours but none of the information helped at all. The key is not encrypted as shown below:

Code:
-----BEGIN EC PRIVATE KEY-----
........[key contents].......
-----END EC PRIVATE KEY-----

The server's certificate:

Code:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Server CA
        Validity
            Not Before: Jun 22 06:10:53 2011 GMT
            Not After : Jun 20 06:10:53 2016 GMT
        Subject: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI CLASSIFIED SERVER
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
            EC Public Key:
                pub:
                    04:f5:6b:d2:c4:af:0a:cc:aa:c6:08:6c:3d:41:6a:
                    d2:cb:ea:21:71:8e:2f:4b:37:b2:03:18:d5:63:84:
                    47:71:47:2a:2a:cb:ee:a7:62:14:2b:16:7d:e9:11:
                    77:a9:ab:24:99:56:5a:09:01:9b:32:64:0a:2c:cd:
                    53:d6:2f:e7:af
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Authority Key Identifier:
                keyid:84:9E:37:C9:DC:7F:51:43:09:48:13:DC:2A:7A:C2:79:08:B7:63:47
                DirName:/C=HR/O=Podaci, GmbH./OU=IT/CN=PODACI Root CA
                serial:02
            X509v3 Subject Key Identifier:
                F7:98:E6:95:38:86:E7:10:4C:DF:3B:BE:27:75:D0:7D:D1:2F:B2:88
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name: critical
                DNS:podaci.sgov.gov, DNS:podaci.gov.ru, DNS:podaci.gov.rs
            X509v3 CRL Distribution Points:
                URI:http://podaci.co.uk/serverCA.crl
    Signature Algorithm: ecdsa-with-SHA1
        30:45:02:21:00:a4:96:ca:26:8c:45:66:f8:a7:d4:7e:d4:1c:
        98:23:39:26:80:f9:b4:d9:94:4d:c5:8f:6f:84:0d:91:7f:55:
        d4:02:20:63:1b:30:92:89:a6:8d:b2:13:7c:fc:3f:02:84:81:
        50:a3:90:f6:6a:7a:71:45:fe:82:3e:3a:11:bb:4b:58:57

Intermediary server CA cert:

Code:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Root CA
        Validity
            Not Before: Jun 22 06:05:50 2011 GMT
            Not After : Jun 20 06:05:50 2016 GMT
        Subject: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Server CA
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
            EC Public Key:
                pub:
                    04:e7:0c:cb:07:92:8e:fb:66:3e:28:5f:9d:d1:89:
                    ee:b2:43:dd:f1:f7:da:d6:da:40:d8:ca:00:72:52:
                    04:cb:e7:a1:ad:d0:85:57:97:25:4a:d0:69:05:79:
                    4b:e2:d8:2b:9d:a0:e9:76:b3:b5:d4:4c:aa:be:39:
                    7e:61:00:7a:30
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:91:28:77:40:37:8E:A4:75:62:F3:2B:40:86:05:8D:5C:72:BB:D7:97
                DirName:/C=HR/O=Podaci, GmbH./OU=IT/CN=PODACI Root CA
                serial:A7:13:92:6F:7B:5A:44:16
            X509v3 Subject Key Identifier:
                84:9E:37:C9:DC:7F:51:43:09:48:13:DC:2A:7A:C2:79:08:B7:63:47
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:
                URI:http://podaci.co.uk/serverCA.crl
    Signature Algorithm: ecdsa-with-SHA1
        30:44:02:20:5a:8b:91:c0:c7:f3:e2:56:b5:5c:4c:f8:99:aa:
        00:4c:43:86:fc:b7:e7:5f:c2:1a:2b:85:70:51:e2:b3:f9:49:
        02:20:10:1d:34:4a:cb:ee:ae:ca:79:e0:df:cf:48:a4:c2:d1:
        95:e6:20:51:fc:53:86:f1:b5:c2:63:f5:62:3f:18:09

Root CA cert:

Code:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: a7:13:92:6f:7b:5a:44:16
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Root CA
        Validity
            Not Before: Jun 22 05:41:44 2011 GMT
            Not After : Jun 20 05:41:44 2016 GMT
        Subject: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Root CA
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
            EC Public Key:
                pub:
                    04:2d:27:03:0b:86:cb:c0:51:72:d6:e3:be:b6:a5:
                    44:c8:5a:4f:9b:8f:6d:f7:70:9c:83:a2:72:25:db:
                    14:92:9c:fc:eb:c2:26:f9:37:6c:88:05:c1:84:f1:
                    8e:c3:d9:c2:86:0e:07:8b:d8:ea:3b:25:44:0f:c9:
                    50:74:6c:52:bb
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                91:28:77:40:37:8E:A4:75:62:F3:2B:40:86:05:8D:5C:72:BB:D7:97
            X509v3 CRL Distribution Points:
                URI:http://podaci.co.uk/rootCA.crl
    Signature Algorithm: ecdsa-with-SHA1
        30:46:02:21:00:e3:dd:7c:f8:a4:6c:9d:ca:c7:11:b1:bc:9b:
        8c:f9:a0:4c:cc:77:b3:4c:b7:39:a5:bc:07:ef:95:cc:a7:1a:
        9d:02:21:00:b7:f8:3b:11:82:ed:dd:2d:6b:03:a4:5f:7b:72:
        ae:c4:1f:4a:2e:f0:46:d6:ff:c6:30:94:be:81:27:99:f4:f8

Any ideas? Thanks.
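
The SSLCipherSuite value in the posted configuration mixes all four list operators documented in ciphers(1). As an added example (not part of the original post, and not Apache or OpenSSL code), this Python script classifies each token by its operator and reports weak keywords that are never excluded with `!`, plus any token written as an RFC-style suite name; the `WEAK` set and the function names are choices made for this example.

```python
# Added example: classify the tokens of an OpenSSL cipher string by their
# leading operator, following the rules described in ciphers(1).
import re

# Keywords that select weak, export-grade or unauthenticated suites.
WEAK = {"NULL", "eNULL", "aNULL", "ADH", "EXP", "EXPORT", "EXPORT40",
        "EXPORT56", "LOW", "DES", "RC4", "MD5", "SSLv2"}
# "!" removes permanently, "-" removes but a later token may add the suites
# back, "+" only moves suites that are already listed to the end of the list.
OPS = {"!": "kill", "-": "remove", "+": "reorder"}
RFC_NAME = re.compile(r"^TLS_\w+_WITH_\w+$")

def parse(cipher_string):
    """Return [(action, keyword)] in order; a token with no operator is 'add'."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string.strip()) if t]
    return [(OPS[t[0]], t[1:]) if t[0] in OPS else ("add", t) for t in tokens]

def audit(cipher_string):
    """Report weak keywords lacking a '!' exclusion and RFC-style suite names."""
    rules = parse(cipher_string)
    killed = {kw for action, kw in rules if action == "kill"}
    report = {"not_excluded": [], "rfc_style": []}
    for action, kw in rules:
        if RFC_NAME.match(kw):
            # OpenSSL lists suites under its own names; compare such a token
            # with the names printed by `openssl ciphers -v`.
            report["rfc_style"].append(kw)
        parts = set(kw.split("+"))  # "A+B" inside a keyword means A AND B
        weak_open = parts & WEAK and not parts & killed
        if action != "kill" and weak_open and kw not in report["not_excluded"]:
            report["not_excluded"].append(kw)
    return report

# The SSLCipherSuite value from the configuration in the post.
POSTED = ("ALL:!ADH:!EXPORT56:+RSA:-MD5:+3DES:+HIGH:+MEDIUM:!LOW:!SSLv2:"
          "+EXP:+eNULL:+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA")

if __name__ == "__main__":
    for action, kw in parse(POSTED):
        print(f"{action:8} {kw}")
    print(audit(POSTED))
```

A keyword listed under `not_excluded` is a prompt to check what `openssl ciphers -v` prints for the full string, since the report works on keywords and does not expand them into individual suites.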


