_HELP_ ASAP
Secure Web Server 2.0 BUG
I have setup Secure Web Server 2.0 for a client
on one of my servers. The problem (BUG) is that
Secure Web Server 2.0 is not compatible with
Netscape 3.0(Windows 95, Others?) The error we
are getting when the client (or anyone) attempts
to connect to the server with Netscape 3.0 is:
"The security library has experienced a
database error. You will probably be unable to
connect to this site securely."
In the error_log-ssl log I get:
[Fri Nov 20 11:29:08 1998] [error] mod_ssl: SSL_accept failed
[Fri Nov 20 11:29:08 1998] [error] SSLeay: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate
And we can not connect to the site at all. You
can try this for your self
at: https://login1.opcenter.net/penton/index.html
A copy of this E-Mail was sent to
support@redhat.com
Our client is Penton Media, Inc. (They just
acquired Mecklermedia)
PLEASE HELP
Thank You in advance.
______________________________________________________________
Michael Steinhart OPCenter
mike@opcenter.net PMH Network Services, Inc.
http://www.opcenter.net 284 Ackerman Ave
Emerson, NJ 07630
(201)599-2022
fax (201)599-2099
Jay Cuthrell - webmaster, sysadmin
1998-Nov-21 16:27 UTC
Re: Secure Web Server 2.0 BUG with Netscape 3.0
Michael, Have you performed a "Root Rollover" or suggested a policy for it? If not this is actually _not_ the web server but your Thawte Certificate causing this problem. You will want to go over this listing and follow the policy regarding this "Root Rollover". https://www.thawte.com/certs/server/rollover/contents.html You might need to just add another link on your website. If anyone else on the list would like to correct me or add in it would be appreciated. Thanks, Jay Cuthrell On Sat, 21 Nov 1998, Michael Steinhart wrote: }_HELP_ ASAP }Secure Web Server 2.0 BUG } }I have setup Secure Web Server 2.0 for a client }on one of my servers. The problem (BUG) is that }Secure Web Server 2.0 is not compatible with }Netscape 3.0(Windows 95, Others?) The error we }are getting when the client (or anyone) attempts }to connect to the server with Netscape 3.0 is: } "The security library has experienced a }database error. You will probably be unable to }connect to this site securely." } }In the error_log-ssl log I get: }[Fri Nov 20 11:29:08 1998] [error] mod_ssl: SSL_accept failed }[Fri Nov 20 11:29:08 1998] [error] SSLeay: error:14094412:SSL }routines:SSL3_READ_BYTES:sslv3 alert bad certificate } } }And we can not connect to the site at all. You }can try this for your self }at: https://login1.opcenter.net/penton/index.html } }A copy of this E-Mail was sent to }support@redhat.com } }Our client is Penton Media, Inc. (They just }acquired Mecklermedia) } }PLEASE HELP } }Thank You in advance. } } }______________________________________________________________ } }Michael Steinhart OPCenter }mike@opcenter.net PMH Network Services, Inc. }http://www.opcenter.net 284 Ackerman Ave } Emerson, NJ 07630 } (201)599-2022 }fax (201)599-2099 } } }-- } PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! } http://www.redhat.com http://archive.redhat.com } To unsubscribe: mail redhat-secure-server-request@redhat.com with } "unsubscribe" as the Subject. } } Jay Cuthrell - Internet Applications Engineer (http://fudge.nortel.net) Nortel Information Network (http://www.nortel.net) jay@nortel.net (919)992-2045 ESN 352-2045 FAX (919)992-2884 Mirabilis ICQ# 1351835 AIM ScreenName Qthrul CUSeeMe/iVisit Fudge
Jay Cuthrell - webmaster, sysadmin
1998-Nov-21 16:35 UTC
Re: Secure Web Server 2.0 BUG with Netscape 3.0
} PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! } http://www.redhat.com http://archive.redhat.com If you try to do a search on something with the archive http://archive.redhat.com:80/Harvest/cgi-bin/nph-search.cgi?query=Thawte&broker=Archive&caseflag=on&wordflag=on&errorflag=0&opaqueflag=on&descflag=on&verbose=on&maxobjflag=50&maxlineflag=10&maxresultflag=100 One gets this error: Broker Query Results for: Thawte Sorry, but the Broker on archive.redhat.com, port 8501 is currently unavailable. Please try again later. archive.redhat.com:8501: Connection refused Thanks, Jay "Why am I doing this on a Saturday? ;) " Cuthrell Jay Cuthrell - Internet Applications Engineer (http://fudge.nortel.net) Nortel Information Network (http://www.nortel.net) jay@nortel.net (919)992-2045 ESN 352-2045 FAX (919)992-2884 Mirabilis ICQ# 1351835 AIM ScreenName Qthrul CUSeeMe/iVisit Fudge
Jay Cuthrell - webmaster, sysadmin
1998-Nov-21 16:59 UTC
Re: Secure Web Server 2.0 BUG with Netscape 3.0
(I need coffe... I resent this _twice_ the wrong way so I will just add some more while I am at it) Michael, Have you performed a "Root Rollover" or suggested a policy for it? Perhaps not? If not this is actually _not_ the web server but your Thawte Certificate causing this problem with these legacy browsers. You will want to go over this listing and follow the policy regarding this "Root Rollover". https://www.thawte.com/certs/server/rollover/contents.html You might need to just add another link on your website or to that form page... this is covered in full detail here: https://www.thawte.com/certs/server/rollpolicy.html Your web server is probably just fine. :) Thanks, Jay On Sat, 21 Nov 1998, Michael Steinhart wrote: }_HELP_ ASAP }Secure Web Server 2.0 BUG } }I have setup Secure Web Server 2.0 for a client }on one of my servers. The problem (BUG) is that }Secure Web Server 2.0 is not compatible with }Netscape 3.0(Windows 95, Others?) The error we }are getting when the client (or anyone) attempts }to connect to the server with Netscape 3.0 is: } "The security library has experienced a }database error. You will probably be unable to }connect to this site securely." } }In the error_log-ssl log I get: }[Fri Nov 20 11:29:08 1998] [error] mod_ssl: SSL_accept failed }[Fri Nov 20 11:29:08 1998] [error] SSLeay: error:14094412:SSL }routines:SSL3_READ_BYTES:sslv3 alert bad certificate } } }And we can not connect to the site at all. You }can try this for your self }at: https://login1.opcenter.net/penton/index.html } }A copy of this E-Mail was sent to }support@redhat.com } }Our client is Penton Media, Inc. (They just }acquired Mecklermedia) } }PLEASE HELP } }Thank You in advance. } } }______________________________________________________________ } }Michael Steinhart OPCenter }mike@opcenter.net PMH Network Services, Inc. }http://www.opcenter.net 284 Ackerman Ave } Emerson, NJ 07630 } (201)599-2022 }fax (201)599-2099 } } }-- } PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! } http://www.redhat.com http://archive.redhat.com } To unsubscribe: mail redhat-secure-server-request@redhat.com with } "unsubscribe" as the Subject. } } Jay Cuthrell - Internet Applications Engineer (http://fudge.nortel.net) Nortel Information Network (http://www.nortel.net) jay@nortel.net (919)992-2045 ESN 352-2045 FAX (919)992-2884 Mirabilis ICQ# 1351835 AIM ScreenName Qthrul CUSeeMe/iVisit Fudge
On Sat, 21 Nov 1998, Michael Steinhart wrote:> _HELP_ ASAP > Secure Web Server 2.0 BUG > > I have setup Secure Web Server 2.0 for a client > on one of my servers. The problem (BUG) is that > Secure Web Server 2.0 is not compatible with > Netscape 3.0(Windows 95, Others?) The error we > are getting when the client (or anyone) attempts > to connect to the server with Netscape 3.0 is: > "The security library has experienced a > database error. You will probably be unable to > connect to this site securely." > > In the error_log-ssl log I get: > [Fri Nov 20 11:29:08 1998] [error] mod_ssl: SSL_accept failed > [Fri Nov 20 11:29:08 1998] [error] SSLeay: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificateYou appear to be using a Thawte certificate. The certificates that Thawte now issues are signed by a newer certificate than that which shipped in Netscape 3.0. They actually have a web page: http://www.thawte.com/certs/server/rollover/contents.html Which explains the problem and how to rectify it. Basically, you will need to upgrade the netscape clients to have the new Thawte Certificate Authority certificates. This is not a bug in Secure Web Server. It is a fact of life that certificates are set to expire every couple of years. Unfortunately, the Thawte certificate included in Netscape 3.x had a relatively short life span. --- -Preston Brown Red Hat Software, Inc. pbrown@redhat.com