Forum OpenACS Q&A: Re: nsopenssl error with AS4 and OpenACS HEAD

Posted by Torben Brosten on
Claudio Pasolini,

"CA certificate file is not readable or does not exist"

is the clue.

Verify that the cert files are located in the ModuleDir. You might want to try using an absolute path to each cert file, for example:

ns_param CertFile /var/lib/aolserver/service0/etc/certs/certfile.pem

Verify that the cert files have any password removed. See the nsopenssl README file for instructions.

Verify permissions for these files.

Also, note that (apparently) openssl has a limitation that prevents more than one server (at least using nsopenssl) from using the same cert files. So, create a set of cert files for each server used. Copies should be okay.

Hope this helps,

Torben
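
The three checks in the post above (file present and readable, no passphrase on the key, sane permissions) can be scripted. This is an added example, not part of the original post or of nsopenssl; the function name `check_pem` and its return codes are made up here, and it assumes you run it as the account nsd runs under.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM files named in an nsopenssl config.
# check_pem and its return codes are hypothetical, not part of nsopenssl.

# check_pem FILE
#   0 = usable
#   1 = missing or not readable by the current user
#   2 = contains a passphrase-protected private key
#   3 = contains a private key that users outside owner/group can access
check_pem() {
    f=$1
    case $f in
        /*) ;;
        *) echo "note: $f is relative; checked against the current directory, not ModuleDir" >&2 ;;
    esac
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "FAIL: $f is not readable or does not exist" >&2
        return 1
    fi
    # Encrypted keys carry either the PKCS#8 "ENCRYPTED PRIVATE KEY" header
    # or the traditional "Proc-Type: 4,ENCRYPTED" line.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "FAIL: $f contains a passphrase-protected key" >&2
        return 2
    fi
    # With the passphrase removed, file permissions are the key's only protection.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        other=$(ls -ld "$f" | cut -c8-10)   # rwx bits for "other"
        if [ "$other" != "---" ]; then
            echo "FAIL: $f holds an unencrypted key and is accessible to other users" >&2
            return 3
        fi
    fi
    echo "ok: $f"
    return 0
}

# Usage: sh check_pem.sh /path/to/certfile.pem /path/to/keyfile.pem
status=0
for p in "$@"; do
    check_pem "$p" || status=1
done
[ "$status" -eq 0 ] || exit 1
```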

Posted by Claudio Pasolini on
Thank you all for answering.

I changed config.tcl setting CADir to /usr/share/ssl and CAFile to /usr/share/ssl/cert.pem and now nsd starts without any error.

I also copied security-procs.tcl from cvs 5.1 as per Jade's suggestion. I'm using nsopenssl 3 beta 17, but my Mozilla 1.0.1 hangs forever as soon as I leave https for http.