Forum OpenACS Q&A: Re: getting nsdsl and nssock errors when starting service

3: Re: getting nsdsl and nssock errors when starting service (response to 1)

Posted by Cesar Dominguez on 10/03/19 11:41 PM

Thanks Gustaf, it worked, now regarding the ssl, im still having these errors.

[03/Oct/2019:16:37:37][5189.7fdb0a900700][-driver:nsssl_v4:0-] Notice: SSL_shutdown has failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
[03/Oct/2019:16:37:37][5189.7fdb0a900700][-driver:nsssl_v4:0-] Notice: SSL_shutdown has failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
[03/Oct/2019:16:37:37][5189.7fdb0a900700][-driver:nsssl_v4:0-] Notice: SSL_shutdown has failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
[03/Oct/2019:16:37:37][5189.7fdb0a900700][-driver:nsssl_v4:0-] Notice: SSL_shutdown has failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
[03/Oct/2019:16:37:42][5189.7fdb0a900700][-driver:nsssl_v4:0-] Notice: SSL_shutdown has failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

you know what could be happening there? i created my self signed certificate

4: Re: getting nsssl and nssock errors when starting service (response to 3)

Posted by Gustaf Neumann on 10/04/19 10:09 AM

The error message "certificate unknown" is generated by OpenSSL in cases, where a client refuses to work with this certificate. I would not be surprised, if you get this error just from requests of certain clients (browser).

if you want to know what's going on, use a command like the following (replace https://openacs.org with your site)

curl -v https://openacs.org 2>&1|less

Probably, curl allows the self-signed certificate.

The better approach is to get a real certificate, since newer browser are getting increasingly unhappy with insufficient secured certificates. We use on openacs.org a Let's Encrypt certificate, installed via the letsencrypt module of NaviServer.