[CalendarServer-users] SSL problems with 2.3 and trunk under Debian
Mark Nipper
nipsy at bitgnome.net
Tue Jan 5 05:14:19 PST 2010
On 05 Jan 2010, Guy wrote:
> I would test the certs on a apache web server and check that they
> work. There is plenty of logging and documentation to work with.
Well, any of them work fine elsewhere. The Apple cert
supplied in the checkout itself is expired, but is valid
otherwise, yet yields the same broken results. The snakeoil cert
is an automatically generated, self-signed certificate which a
Debian package has provided at some point. While not ideal, it's
a valid certificate otherwise. And my preferred certificate is
my actual GoDaddy certificate which is currently in use by my
Apache server. It requires an intermediate bundle, but even with
all of that defined correctly in my configuration file, I still
get the same broken behavior.
The question is, where is this logging and documentation?
Specifically, what command line options or configuration
file options would enable the right kind of debugging as to see
what might be going wrong with the HTTPS side of things (since
HTTP works fine)?
> Also have you tried with a web browser to access port 8443. That
> might provide some debugging insight.
Yes, that's where I was seeing the connection reset and
connection was interrupted messages.
> Oh and also check DNS. You need to have A and PTR records set
> correctly for your server.
All of this is fine. Everything works via HTTP. And
none of this would matter anyway with HTTPS. You would simply
get warnings from the client (Firefox for example) if the host
name didn't match what was in the certificate presented. But
it's not even getting that far.
--
Mark Nipper
nipsy at bitgnome.net (XMPP)
+1 979 575 3193
-
Do daemons dream of electric sleep()?
More information about the calendarserver-users
mailing list