httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Export CACertificate to Tomcat
Date Thu, 05 Aug 2010 13:57:11 GMT
On Mon, Aug 2, 2010 at 10:31 AM, Tina Exner <texner@picturesafe.de> wrote:
> hi all,
>
> we have a nexus multiid server for certificate authentication.
> i try to pass the client smartcard certificates from apache to tomcat
> server.
> the tomcat talks to the nexus and the authentication take effect.
>
> when i try to export the client ca certificate to the tomcat server
>  i get the following errors:
>
> [Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error
> (20): unable to get local issuer certificate
> [Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed:
> Not accepted by client!?

Wouldn't that mean an error between Apache and the browser, not tomcat?
>
> @Firefox:
> (Fehlercode: ssl_error_unknown_ca_alert)

Wouldn't that mean an error between Apache and the browser, not tomcat?

>        <Location /nexus>
>                 SSLVerifyClient         require
>                 SSLVerifyDepth          5

Can you test without per-directory client certificate requests /
renegotiation?  Awfully complicated subject after CVE-2009-3555.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message