SSL Cannot Make A Handshake

After strictly following the SSL certificate authority documentation, I'm stumped to solve the reason for this error. When accessing my website via HTTPS Firefox spits out the following error:

SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)

I went back and found this in the SSL error log (domain was modified on purpose):

[Mon May 09 02:11:05 2011] [warn] RSA server certificate wildcard CommonName (CN) `*.domain.com' does NOT match server name!?

Where is the server name defined? I can't find a reasonable explanation in my httpd-ssl.conf file to solve this error. Thanks for your help!

Update Finally solved the problem, detailed below:

Unfortunately it was created by a default value in my Apache distribution. The option:

SSLVerifyClient require

Actually needed to be set as:

SSLVerifyClient optional

开发者_开发百科

I'm not issuing client certs just yet. However credit is due to the answers for narrowing the problem. I appreciate the help!

---

That line in your logfile might matter later, but it's only a [warn] and it's not what handshake_failure means. Handshake_failure means that a cipher suite could not be negotiated -- no cipher suite is supported by both client and server. Look at what ciphers are supported by your server.

Edit: I always forget that if a client fails to provide a required certificate, that also results in handshake_failure (section 7.4.6).

---

SSL compares the CommonName with the name of the server you actually try to connect to.

Possibly you are using an alternative name like 'localhost' or an IP Adress.

---

Solved the problem, and unfortunately it was created by a default value in my Apache distribution. The option:

SSLVerifyClient require

Actually needed to be set as:

SSLVerifyClient optional

I'm not issuing client certs just yet. However credit is due to the answers for narrowing the problem. I appreciate the help!