Hi Tom,
the location of SSL certificates changed from C4 to C5, certificates are
located in /etc/pki/tls on C5. Apache is also a newer version on C5
(2.2 , 2.0 in C4). You should check your configs manually and change
them accordingly. I can help you if you post your C4 config.
Regards,
Michel van Deventer
On Fri, 2008-03-28 at 18:37 -0400, Tom Diehl wrote:> Hi,
>
> I have a c4 server that I am trying to migrate an ssl site over to a new C5
> machine with all of the updates. The certificate is an equifax cert and
works
> as advertised on the C4 server. When I move it over to the C5 machine I get
> error in firefox that says error code -12227 which
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says
is
> an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means
> that "SSL peer was unable to negotiate an acceptable set of security
> parameters."
>
> If I try to open the site in IE, it prompts for a client certificate. This
> fails because I am not using client certs.
>
> In the apache config for ssl.conf I have "SSLVerifyClient none".
I have also
> tried setting it to "optional" with the same results.
>
> In the past moving these sites to a different machine was as simple as
> copying the certs and the config files over to the new machine, reloading
> httpd and everyting just worked. Is there something different about ssl on
> C5? Does anyone know a good way to troubleshoot this.
>
> Google and the docs are not helping.
>
> What am I missing?
>
> Regards,
>