httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Medan Gavril <gabi...@yahoo.com.INVALID>
Subject [users@httpd] Apache 2.4 Certificate Verification: Error (18): self signed certificate
Date Tue, 09 Feb 2016 09:38:38 GMT
HI all,
I have configured my apache 2.4 to work on https. I generated a self signed certificate for
myclient with openssl (ootb config) and  this works fine.
However my goal is have add few extensions to the self signed certificate.(principal name)
Therefore I added few changes in openssl.cnf file
[ v3_req]...subjectAltName=@principal_names
[ principal_names]DNS.1 = test.comotherName= 1.3.6.1.4.1.311.20.2.3;UTF8:test

When I import the certificate in IE I can properly see the fields that I added. Also if I
set SSLVerifyClient optional_no_ca in apache config it will work. The goal is to work with SSLVerifyClient
require
These are the commands I run to generate the certificate.openssl genrsa -out key.pem 2048openssl
req -new -sha256  -key key.pem -out csr.pemopenssl req -x509 -days 365 -sha256 -key key.pem
-in csr.pem -out cert.pemopenssl pkcs12 -export -in cert.pem -inkey key.pem -out server.p12
In error log I getAH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: 
AH02276: Certificate Verification: Error (18): self signed certificate [subject: 
 core_output_filter: flushing because of FLUSH bucket
OpenSSL: Write: SSLv3 read client certificate B
OpenSSL: Exit: error in error
 AH02008: SSL library error 1 in handshake 
SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify
failed

I have enabled trace8 logging.  Can you point me to the direction to overcome this issue
or enable more debugging
Best Regards,Gabi


Mime
View raw message