On Thu, Aug 06, 2020 at 10:37:27AM +0200, Raphael Hertzog wrote:
> On Thu, 06 Aug 2020, Stéphane Glondu wrote:
> > On 05/08/2020 at 14:36, Raphael Hertzog wrote:
> > >> tracker.debian.org does not seem to respond or responds always empty
> > >> pages (no error) when I use a client certificate.
> > >
> > > I don't have the issue with my own certificate.
> > >
> > > I see this in the error log:
> > > [Wed Aug 05 11:17:05.798925 2020] [ssl:error] [pid 31979:tid
> > > 140564909500160] [client 80.227.5.106:40019] AH02039: Certificate
> > > Verification: Error (66): EE certificate key too weak
> > > [Wed Aug 05 11:59:09.029731 2020] [ssl:error] [pid 31979:tid
> > > 140565890987776] [client 80.227.5.106:9418] AH02039: Certificate
> > > Verification: Error (66): EE certificate key too weak
> >
> > This is not my IP address.
>
> Looking at your mail headers, I found 152.81.9.54 and I got similar logs:
> hertzog@ticharich:~$ grep 152.81.9.54 /var/log/apache2/tracker.debian.org-error.log
> [Thu Aug 06 07:57:16.520838 2020] [ssl:error] [pid 29597:tid 140564724860672]
> [client 152.81.9.54:55460] AH02039: Certificate Verification: Error (66): EE
> certificate key too weak
> [Thu Aug 06 07:57:48.093622 2020] [ssl:error] [pid 29597:tid 140564909500160]
> [client 152.81.9.54:55462] AH02039: Certificate Verification: Error (10):
> certificate has expired
>
> > When I first encountered the error, I realised my certificate was
> > expired. Then, I generated a new certificate. I still get the
> > undesirable behaviour with the new certificate.
>
> I'm not sure what else I can do to help you here. I'm putting DSA in copy
> in case they know what's going on here. I never had such an issue.
>
> Did you drop your old certificate and restart your browser?

Maybe also provide the output of "openssl x509 -noout -text" on the cert.

Cheers,
Julien
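
The AH02039 entries quoted in this thread can be grouped per client address to see which verification failures each one produced, even when a mail client has wrapped and quoted the log lines. This is an added example, not part of the original messages; the sample log text and its IP addresses are constructed, and the name `failures_by_client` is hypothetical.

```python
import re
from collections import defaultdict

# One mod_ssl AH02039 entry as it appears in the Apache error log.
ENTRY = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[ssl:error\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+)\] AH02039: "
    r"Certificate Verification: Error \((?P<code>\d+)\): (?P<reason>.+)"
)
# An entry starts at "[Www Mmm dd "; used to re-split text that was wrapped.
START = re.compile(r"(?=\[[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} )")

# OpenSSL names for the two verify codes seen in the thread.
NAMES = {10: "X509_V_ERR_CERT_HAS_EXPIRED", 66: "X509_V_ERR_EE_KEY_TOO_SMALL"}

# Constructed sample: quoted and wrapped the way a mail reply would carry it.
SAMPLE = """\
> [Thu Aug 06 07:57:16.520838 2020] [ssl:error] [pid 29597:tid
> 140564724860672] [client 192.0.2.10:55460] AH02039: Certificate
> Verification: Error (66): EE certificate key too weak
> [Thu Aug 06 07:57:48.093622 2020] [ssl:error] [pid 29597:tid 140564909500160]
> [client 192.0.2.10:55462] AH02039: Certificate Verification: Error (10):
> certificate has expired
> [Thu Aug 06 08:01:02.000001 2020] [ssl:error] [pid 29597:tid 140564909500160]
> [client 198.51.100.7:40019] AH02039: Certificate Verification: Error (66): EE
> certificate key too weak
"""

def failures_by_client(text):
    """Return {client_ip: [(timestamp, code, reason), ...]} in log order.

    Input is expected to contain only log entries (optionally '>'-quoted
    and wrapped); trailing prose would be absorbed into the last reason.
    """
    flat = " ".join(text.replace(">", " ").split())  # drop quotes, undo wrapping
    out = defaultdict(list)
    for chunk in START.split(flat):
        m = ENTRY.match(chunk.strip())
        if m:
            out[m["ip"]].append((m["ts"], int(m["code"]), m["reason"].strip()))
    return dict(out)

if __name__ == "__main__":
    for ip, events in failures_by_client(SAMPLE).items():
        for ts, code, reason in events:
            print(f"{ip}  {ts}  {code} {NAMES.get(code, '?')}: {reason}")
```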