From users-return-96381-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org Fri Aug 06 14:30:39 2010 Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 15737 invoked from network); 6 Aug 2010 14:30:38 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 6 Aug 2010 14:30:38 -0000 Received: (qmail 29878 invoked by uid 500); 6 Aug 2010 14:30:35 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 29654 invoked by uid 500); 6 Aug 2010 14:30:32 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 29646 invoked by uid 99); 6 Aug 2010 14:30:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Aug 2010 14:30:31 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of luisneves@hotmail.com designates 65.55.34.90 as permitted sender) Received: from [65.55.34.90] (HELO col0-omc2-s16.col0.hotmail.com) (65.55.34.90) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Aug 2010 14:30:22 +0000 Received: from COL110-W47 ([65.55.34.71]) by col0-omc2-s16.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 6 Aug 2010 07:30:00 -0700 Message-ID: Content-Type: multipart/alternative; boundary="_5e248a6c-719f-4b26-9d78-39526c080997_" X-Originating-IP: [194.65.1.253] From: Luis Neves To: Date: Fri, 6 Aug 2010 14:30:00 +0000 Importance: Normal In-Reply-To: References: ,,, MIME-Version: 1.0 X-OriginalArrivalTime: 06 Aug 2010 14:30:00.0819 (UTC) FILETIME=[DA2E9C30:01CB3573] X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] strange behaviour: SSLCACertificatePath and SSLCACertificateFile not giving the same result? --_5e248a6c-719f-4b26-9d78-39526c080997_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Ive tried to use "-cert lneves.pem" but the openssl command is asking for t= he key Ive tried to extract the private key from IE but the option is greyed-out (= key is not exportable)=2C and I dont know how to get it from the smartcard = itself.... Im stucked Luis > Date: Fri=2C 6 Aug 2010 14:16:47 +0200 > From: joost@sanguis.xs4all.nl > To: users@httpd.apache.org > Subject: RE: [users@httpd] strange behaviour: SSLCACertificatePath and S= SLCACertificateFile not giving the same result? >=20 > On Fri=2C August 6=2C 2010 13:52=2C Luis Neves wrote: > > > > Im trying as suggested=2C But what should I look for? I see the SSLv3 > > traffic between server and client. > > > > The server send all the CA certificates=2C the client send all his > > certificates as well=2C then a BAD certificate error is returned by the > > server >=20 > On the server=2C compare the output of: >=20 > openssl s_client -connect server:443 -cert [clientcert.p12] -CAfile > [bundledCAfile] > openssl s_client -connect server:443 -cert [clientcert.p12] -CApath > [PathtoCAfiles] >=20 > Joost >=20 > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project= . > See for more info. > To unsubscribe=2C e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands=2C e-mail: users-help@httpd.apache.org >=20 = --_5e248a6c-719f-4b26-9d78-39526c080997_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Ive tried to use "-cert lneves.pem" but the openssl command is asking for t= he key

Ive tried to extract the private key from IE but the option i= s greyed-out (key is not exportable)=2C and I dont know how to get it from = the smartcard itself.... Im stucked

Luis

>=3B Date: Fri=2C = 6 Aug 2010 14:16:47 +0200
>=3B From: joost@sanguis.xs4all.nl
>=3B= To: users@httpd.apache.org
>=3B Subject: RE: [users@httpd] strange be= haviour: SSLCACertificatePath and SSLCACertificateFile not giving the same= result?
>=3B
>=3B On Fri=2C August 6=2C 2010 13:52=2C Luis Neve= s wrote:
>=3B >=3B
>=3B >=3B Im trying as suggested=2C But wh= at should I look for? I see the SSLv3
>=3B >=3B traffic between serv= er and client.
>=3B >=3B
>=3B >=3B The server send all the CA= certificates=2C the client send all his
>=3B >=3B certificates as w= ell=2C then a BAD certificate error is returned by the
>=3B >=3B ser= ver
>=3B
>=3B On the server=2C compare the output of:
>=3B =
>=3B openssl s_client -connect server:443 -cert [clientcert.p12] -CAf= ile
>=3B [bundledCAfile]
>=3B openssl s_client -connect server:44= 3 -cert [clientcert.p12] -CApath
>=3B [PathtoCAfiles]
>=3B
&g= t=3B Joost
>=3B
>=3B -------------------------------------------= --------------------------
>=3B The official User-To-User support foru= m of the Apache HTTP Server Project.
>=3B See <=3BURL:http://httpd.a= pache.org/userslist.html>=3B for more info.
>=3B To unsubscribe=2C e= -mail: users-unsubscribe@httpd.apache.org
>=3B " from the digest:= users-digest-unsubscribe@httpd.apache.org
>=3B For additional command= s=2C e-mail: users-help@httpd.apache.org
>=3B
= --_5e248a6c-719f-4b26-9d78-39526c080997_--