Forum OpenACS Q&A: Re: nsopenssl error EOF during ssl handshake

Collapse
Posted by Amol Takate on
Richard,

    I changed config parameters but still it didn't worked out.

    I do not know why it is happening with IE5 only .
    With all other browsers it works well.

    Is the bug in nsopenssl lib or in my installation.
    I went through nsopenssl lib but it seems OK

  Thanks
  Amol
Collapse
Posted by Richard Hamilton on
Amol,
OK sorry, I missed this last time - you posted :
*******************************************************************************
[14/Feb/2003:03:14:22][20736.8192][-main-] Notice: nsssl: ServerCAFile = /usr/local/aolserver/servers/iunctura1/modules/nsopenssl/ca.pem
[14/Feb/2003:03:14:22][20736.8192][-main-] Notice: nsssl: ServerCADir = /usr/local/aolserver/servers/iunctura1/modules/nsopenssl/ca
[14/Feb/2003:03:14:22][20736.8192][-main-] Notice: nsssl: CA certificate directory does not exist
[14/Feb/2003:03:14:22][20736.8192][-main-] Notice: nsssl: ServerSessionCache = 0
*************************************************************************

This is telling you that you need the directory set up that you have specified to contain the certificating authority certificate (i.e. a ca.pem). You need a cert.pem and a key.pem in :
/usr/local/aolserver/servers/iunctura1/modules/nsopenssl
and a ca.pem file in the directory you specified here :
ServerCADir = /usr/local/aolserver/servers/iunctura1/modules/nsopenssl/ca

so create :
/usr/local/aolserver/servers/iunctura1/modules/nsopenssl/ca/

...and then put ca.pem into it. Be sure to check that they are readable nsadmin. Try that and let me know.
I have no idea why the problem is related only to IE5, that sounds like an issue on the client machines to me as the https protocol should be consistent.
Richard