Re: URGENT : SSL Handshake failed

Fri, 26 Jan 2001 02:34:10 -0800 

Thanks for your help...

The client has its certificate installed in the browser. He asked the
Netscape Certificate Server for a  certificate and then installed it in the
Browser.

Sorry, I miss someting about the authentication chain.
The Apcahe server got a certifcate from the Netscape Certificate Server.
Does the server verify the client certificate by contacting the Netscape
Certificate Server ?
Does the client verify the sever certificate by contacting the Netscape
Certificate Server ?
You suggest me to configure the SSLCACertificatePath...
What does it mean ?
Should I import all the client certificates of the Netscape Certificate
Server in the directory conf/ssl.crt ?

Regards,
Ravi APPANAH

----- Original Message -----
From: "Owen Boyle" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 26, 2001 10:40 AM
Subject: Re: URGENT : SSL Handshake failed


> > drt rappanah wrote:
> >     I can't access to the Apache web server because of this following
error :
>
> Apart from repeatedly posting your question to the list, what else have
> you done over the last few days to try to fix your problem?
>
> You are commanding the server to verify any clients who try to connect.
> So the server will ask the client for a certificate:
> - have you installed this in the browser?
>
> If so, the server will then try to authenticate the certificate it
> receives:
> - does the server have access to the CA certificate?
> - What do you have under SSLCACertificatePath?
>
> It seems to me, the server is failing to authenticate the chain
> somewhere. This is an important message:
>
> > [23/jan/2001 17:22:52 14800] [error] Certificate Verification: Error
(20): unable to get local issuer certificate
>
> And so is this one:
>
> > [23/jan/2001 17:22:52 14800] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
> Have a good read through
> http://www.modssl.org/docs/2.7/ssl_reference.html#ToC13 and
> http://www.modssl.org/docs/2.7/ssl_intro.html#ToC7
>
> Rgds,
>
> Owen Boyle.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to