httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "DEVAL SHAH" <deva...@hotmail.com>
Subject Re: [users@httpd] Client Certificate authentication not working
Date Sat, 20 Jan 2007 00:26:44 GMT
Hello Serge,
I am using Apache 2.2.4 and IE 7. I imported the certificate in P12 format.

Thanks
Deval


>From: "Serge Dubrouski" <sergeyfd@gmail.com>
>Reply-To: users@httpd.apache.org
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] Client Certificate authentication not working
>Date: Fri, 19 Jan 2007 17:06:08 -0700
>
>What version of Apache do you use? There is a well known problem for
>this in Apache 2.0.XX (there is an unofficial patch for it but I
>didn't try it) and the only way to fix it is to upgrade to Apache
>2.2.XX.
>
>On 1/19/07, DEVAL SHAH <devals9@hotmail.com> wrote:
>>Hello,
>>Please help me I have been trying to get this working for 2 weeks now. 
>>Here
>>is the error:
>>[debug] ssl_engine_kernel.c(426): Changed client verification type will
>>force renegotiation
>>[info] Requesting connection re-negotiation
>>......
>>...
>>[debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client
>>certificate B
>>[debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read 
>>client
>>certificate B
>>[error] Re-negotiation handshake failed: Not accepted by client!?
>>
>>I created a local CA. Worked fine
>>I have a trusted certificate from Thawte on Apache
>>I created a client certificate using my local CA - worked well. CN = Deval
>>Shah
>>I imported the client certificate and CA certificate in IE. IE shows the
>>certificate properly without any error.
>>
>>httpd-ssl.conf file
>>SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt  -> Points 
>>to
>>certificate from Thawte SSLCertificateKeyFile
>>/usr/local/apache2/conf/ssl.key/server.key
>>SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/devalCA.crt  -> local
>>CA that i created
>>SSLVerifyDepth  10
>><Location /testcerts/*>
>>   SSLOptions +ExportCertData +OptRenegotiate +StdEnvVars
>>   SSLVerifyClient require
>>   SSLRequire     %{SSL_CLIENT_S_DN_CN} in {"Deval Shah"}
>></Location>
>>
>>Let me know what is wrong?
>>
>>Thanks
>>Deval
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message