espfutbol98
Hello, I have an Ubuntu server running Apache Friends' XAMPP, and I used to have several name-based virtual hosts, each with a different RSA SSL certificate from my own CA. It all worked just fine until I made my own Elliptic Curve CA using OpenSSL. I know there are no errors in the CA because I exported the client cert and the chain to a .pfx and installed it in the Microsoft certificate store on my laptop. Anyway, I get the error "Oops, no rsa or dsa server certificate found for domain". Here is the relevant config file:
Code:
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
    ServerName podaci.sgov.gov
    DocumentRoot /opt/lampp/htdocs/JWICS
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLProtocol +TLSv1
    SSLCipherSuite ALL:!ADH:!EXPORT56:+RSA:-MD5:+3DES:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL:+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    SSLCertificateFile /opt/lampp/etc/ssl.crt/gov.crt
    SSLCertificateKeyFile /opt/lampp/etc/ssl.key/gov.key
    SSLCACertificateFile /opt/lampp/etc/ssl.crt/root.crt
    SSLCertificateChainFile /opt/lampp/etc/ssl.crt/chain.crt
    <FilesMatch "\.(cgi|shtml|pl|asp|php)$">
        SSLOptions +StdEnvVars
        SSLOptions +ExportCertData
    </FilesMatch>
    BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
I've googled the issue for hours but none of the information helped at all. The key is not encrypted as shown below:
Code:
-----BEGIN EC PRIVATE KEY-----
........[key contents].......
-----END EC PRIVATE KEY-----
The server's certificate:
Code:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Server CA
Validity
Not Before: Jun 22 06:10:53 2011 GMT
Not After : Jun 20 06:10:53 2016 GMT
Subject: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI CLASSIFIED SERVER
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:f5:6b:d2:c4:af:0a:cc:aa:c6:08:6c:3d:41:6a:
d2:cb:ea:21:71:8e:2f:4b:37:b2:03:18:d5:63:84:
47:71:47:2a:2a:cb:ee:a7:62:14:2b:16:7d:e9:11:
77:a9:ab:24:99:56:5a:09:01:9b:32:64:0a:2c:cd:
53:d6:2f:e7:af
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage: critical
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:84:9E:37:C9:DC:7F:51:43:09:48:13:DC:2A:7A:C2:79:08:B7:63:47
DirName:/C=HR/O=Podaci, GmbH./OU=IT/CN=PODACI Root CA
serial:02
X509v3 Subject Key Identifier:
F7:98:E6:95:38:86:E7:10:4C:DF:3B:BE:27:75:D0:7D:D1:2F:B2:88
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name: critical
DNS:podaci.sgov.gov, DNS:podaci.gov.ru, DNS:podaci.gov.rs
X509v3 CRL Distribution Points:
URI:http://podaci.co.uk/serverCA.crl
Signature Algorithm: ecdsa-with-SHA1
30:45:02:21:00:a4:96:ca:26:8c:45:66:f8:a7:d4:7e:d4:1c:
98:23:39:26:80:f9:b4:d9:94:4d:c5:8f:6f:84:0d:91:7f:55:
d4:02:20:63:1b:30:92:89:a6:8d:b2:13:7c:fc:3f:02:84:81:
50:a3:90:f6:6a:7a:71:45:fe:82:3e:3a:11:bb:4b:58:57
Intermediary server CA cert:
Code:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Root CA
Validity
Not Before: Jun 22 06:05:50 2011 GMT
Not After : Jun 20 06:05:50 2016 GMT
Subject: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Server CA
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:e7:0c:cb:07:92:8e:fb:66:3e:28:5f:9d:d1:89:
ee:b2:43:dd:f1:f7:da:d6:da:40:d8:ca:00:72:52:
04:cb:e7:a1:ad:d0:85:57:97:25:4a:d0:69:05:79:
4b:e2:d8:2b:9d:a0:e9:76:b3:b5:d4:4c:aa:be:39:
7e:61:00:7a:30
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Authority Key Identifier:
keyid:91:28:77:40:37:8E:A4:75:62:F3:2B:40:86:05:8D:5C:72:BB:D7:97
DirName:/C=HR/O=Podaci, GmbH./OU=IT/CN=PODACI Root CA
serial:A7:13:92:6F:7B:5A:44:16
X509v3 Subject Key Identifier:
84:9E:37:C9:DC:7F:51:43:09:48:13:DC:2A:7A:C2:79:08:B7:63:47
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 CRL Distribution Points:
URI:http://podaci.co.uk/serverCA.crl
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:5a:8b:91:c0:c7:f3:e2:56:b5:5c:4c:f8:99:aa:
00:4c:43:86:fc:b7:e7:5f:c2:1a:2b:85:70:51:e2:b3:f9:49:
02:20:10:1d:34:4a:cb:ee:ae:ca:79:e0:df:cf:48:a4:c2:d1:
95:e6:20:51:fc:53:86:f1:b5:c2:63:f5:62:3f:18:09
Root CA cert:
Code:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a7:13:92:6f:7b:5a:44:16
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Root CA
Validity
Not Before: Jun 22 05:41:44 2011 GMT
Not After : Jun 20 05:41:44 2016 GMT
Subject: C=HR, O=Podaci, GmbH., OU=IT, CN=PODACI Root CA
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:2d:27:03:0b:86:cb:c0:51:72:d6:e3:be:b6:a5:
44:c8:5a:4f:9b:8f:6d:f7:70:9c:83:a2:72:25:db:
14:92:9c:fc:eb:c2:26:f9:37:6c:88:05:c1:84:f1:
8e:c3:d9:c2:86:0e:07:8b:d8:ea:3b:25:44:0f:c9:
50:74:6c:52:bb
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
91:28:77:40:37:8E:A4:75:62:F3:2B:40:86:05:8D:5C:72:BB:D7:97
X509v3 CRL Distribution Points:
URI:http://podaci.co.uk/rootCA.crl
Signature Algorithm: ecdsa-with-SHA1
30:46:02:21:00:e3:dd:7c:f8:a4:6c:9d:ca:c7:11:b1:bc:9b:
8c:f9:a0:4c:cc:77:b3:4c:b7:39:a5:bc:07:ef:95:cc:a7:1a:
9d:02:21:00:b7:f8:3b:11:82:ed:dd:2d:6b:03:a4:5f:7b:72:
ae:c4:1f:4a:2e:f0:46:d6:ff:c6:30:94:be:81:27:99:f4:f8
Any ideas? Thanks.
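The error text names only RSA and DSA, so one thing to confirm is which key algorithm the configured certificate carries and whether the key file belongs to it. A sketch of that check with the OpenSSL CLI, added here as an example and not part of the original post; the function names and the throwaway key and certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for "no rsa or dsa server certificate found".
# Sample files are constructed in a temp dir; on a real server pass the paths
# given to SSLCertificateFile and SSLCertificateKeyFile instead.

# Print the certificate's public key algorithm (id-ecPublicKey, rsaEncryption, ...).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Succeed only if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Classify the certificate against the key types the error message names,
# and report whether the key file matches it.
triage() {
    alg=$(cert_key_alg "$1")
    case "$alg" in
        rsaEncryption|dsaEncryption) kind="rsa-or-dsa" ;;
        id-ecPublicKey)              kind="ec" ;;
        *)                           kind="unknown" ;;
    esac
    if key_matches_cert "$1" "$2"; then match="key-matches"; else match="key-mismatch"; fi
    echo "$kind $match"
}

# Constructed sample material: a throwaway P-256 key with a self-signed
# certificate, plus an unrelated second key to show the mismatch case.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
openssl ecparam -name prime256v1 -genkey -noout -out "$work/ec.key" 2>/dev/null
openssl req -new -x509 -key "$work/ec.key" -subj "/CN=example.test" \
    -days 1 -out "$work/ec.crt" 2>/dev/null
openssl ecparam -name prime256v1 -genkey -noout -out "$work/other.key" 2>/dev/null

triage "$work/ec.crt" "$work/ec.key"      # prints: ec key-matches
triage "$work/ec.crt" "$work/other.key"   # prints: ec key-mismatch
```

A result of `ec key-matches` means the certificate and key are consistent with each other, so the remaining question is whether the server's TLS module accepts EC certificates at all.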