Why is client authentication broken after upgrading from SSLeay version 0.8 to 0.9?
The CA certificates under the path you configured with SSLCACertificatePath are found by SSLeay through hash symlinks. These hash values are generated by the `openssl x509 -noout -hash’ command. However, the algorithm used to calculate the hash for a certificate changed between SSLeay 0.8 and 0.9. You will need to remove all old hash symlinks and create new ones after upgrading. Use the Makefile provided by mod_ssl.
SSLCACertificatePath are found by SSLeay through hash symlinks. These hash values are generated by the `openssl x509 -noout -hash’ command. But the algorithm used to calculate the hash for a certificate has changed between SSLeay 0.8 and 0.9. So you have to remove all old hash symlinks and re-create new ones after upgrading. Use the Makefile mod_ssl placed into this directory. • How can I convert a certificate from PEM to DER format? [L] The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64 encoded DER with header and footer lines. For some applications (e.g. Microsoft Internet Explorer) you need the certificate in plain DER format. You can convert a PEM file cert.pem into the corresponding DER file cert.der with the following command: $ openssl x509 -in cert.pem -out cert.der -outform DER • I try to install a Verisign certificate. Why can’t I find neither the getca nor getverisign programs Verisign mentions? [L] This is because Verisign has never provided
Related Questions
- I have the broken Xfree86 Xprt binary on my system. Do I need a new version of libXp.so (the client side X11 extension library for Xprint), too ?
- Is there an easy way with webserver 6.0 to point to the -server version of the jvm vs the client version?
- Why is client authentication broken after upgrading from SSLeay version 0.8 to 0.9?
