SSL problems; comments on TGBMOXPSS

  • #359058
    smithsm
    Participant

    Joel Rennich’s article “The Great Big Mac OS X Panther Server and SSL” was a lifesaver for me. I had spent two days trying to get SSL to work using write-ups by several other people, but none of them would work (namely the Apple Developer Connection article “Creating Secure Transactions on Mac OSX server Using SSL”). All the ones I tried used the CA.pl script, but I kept getting the following errors, no matter what I did.

    [Thu Sep 2 23:21:53 2004] [error] mod_ssl: Init: (www.prosapien.com:16080) Ops, no RSA or DSA server certificate found?!
    [Thu Sep 2 23:21:53 2004] [error] mod_ssl: Init: (www.prosapien.com:16080) You have to perform a *full* server restart when you added or removed a certificate and/or key file
    [Thu Sep 2 23:22:05 2004] [error] mod_ssl: Init: Pass phrase incorrect (OpenSSL library error follows)
    [Thu Sep 2 23:22:05 2004] [error] OpenSSL: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

    When I used the TGBMOXPSS instructions, the errors did not occur. The biggest differences between all the other approaches and TGBMOXPSS’s were:
    1) Did not use CA.pl but explicitly used the openssl command

    2) Cut and pasted the certificates and keys from TextEdit into the Server Admin edit window instead of entering the file pathnames.

    For my own sanity, do you know why I got the errors, and were those differences above critical or was there something else that caused this problem?

    There is one part of TGBMOXPSS that did not work for me. It is section 7, “Enable your clients.” I installed the ca.crt into the x509Anchors as described, but my client still complains. I am using OSX Server 10.3.5. TGBMOXPSS was written pre-10.3.5; is there some difference now? I noticed that in /System/Library/Keychains there is a file called X509Certificates. Did Apple change the file name? Should I be installing the ca.crt into x509Certificates instead of x509Anchors?

  • #359065
    smithsm
    Participant

    > There is a bit of a bug with using an ssl pass phrase and the cache server where it barfs.

    So somehow the bug shows up if I use CA.pl. It didn’t show up when I used openssl and cut and paste?

    How do I turn off the cache server? Do you mean the web performance cache? I had that disabled but still got the bug using CA.pl.

    I do have an X509Anchors file in addition to the x509certificates file.
    Am I supposed to import the x509anchors into my user keychain? If I open keychain access it shows two keychains, my username and System.
