> Like many educational institutions we get "educational certificates" that are chain certificates..
> 
> With apache the full certificate chain is working as expected..
> 
> For elog I copied the appropriate files to server.crt and server.key
> 
> Netscape 3 is happy with that setup, Internet Explorer and Opera are mentioning the open certificate chain.
> 
> When I tried to copy the file known as SSLCACertificateFile in Apache to chain.crt elogd does not longer work 
and 
> 
> openssl s_client -showcerts -connect <myserver>:<elogd_port>
> 
> only shows: 
> 
> CONNECTED(00000003)
> 25523:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

To be honest I'm not an expert on SSL. I just use following code inside ELOG to initialize the SSL connection:

SSL_CTX *init_ssl(void)
{
   char str[256];
   SSL_METHOD *meth;
   SSL_CTX *ctx;

   SSL_library_init();
   SSL_load_error_strings();

   meth = SSLv23_method();
   ctx = SSL_CTX_new(meth);

   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/server.crt", sizeof(str));
   if (!file_exist(str)) {
      eprintf("Cerificate file \"%s\" not found, aborting\n", str);
      return NULL;
   }
   if (SSL_CTX_use_certificate_file(ctx, str, SSL_FILETYPE_PEM) < 0)
      return NULL;

   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/server.key", sizeof(str));
   if (!file_exist(str)) {
      eprintf("Key file \"%s\" not found, aborting\n", str);
      return NULL;
   }
   if (SSL_CTX_use_PrivateKey_file(ctx, str, SSL_FILETYPE_PEM) < 0)
      return NULL;
   if (SSL_CTX_check_private_key(ctx) < 0)
      return NULL;

   strlcpy(str, resource_dir, sizeof(str));
   strlcat(str, "ssl/chain.crt", sizeof(str));
   if (file_exist(str))
      SSL_CTX_use_certificate_chain_file(ctx, str);

   return ctx;
}

Maybe I need something different for chain certificates, but I don't know. I just copied these calls from the 
example which comes with the libssl library which I'm using. Maybe somebody has an idea how this could be 
improved. Actually looking at the code I see that the 'chain.crt' file is used. If you send me your files 
privately I could try them and see if I get a specific error code from the SSL library.

Thanks for reporting that bug. I realized that this was not working at all since a long time. I fixed it in SVN revision 2245.

Allow HTML = 1

> Like many educational institutions we get "educational certificates" that are chain certificates..
>  
> only shows: 
> 
> CONNECTED(00000003)
> 25523:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
> 
> What do I do wrong?
> 

After reading the OpenSSL Documentation:

The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or
server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.

The chain.crt has to be of the following format:

HOST CERTIFICATE
INTERMEDIATE CERTIFICATE
ROOT CERTIFICATE

Then it is working w/o problems

GS

I have installed Elog in a Windows-environment. It's working fine, but i get a new logbookfile each day. Is it possible to have all entries in 1 logbookfile?

No. The standard database engine inside ELOG works this way. It allows you to backup then every month or year easily just on the file system by copying all 10????a.log files for example. If you would have just one file (which could become very large), there is no easy way to do that.