Client Certificate Problem

Jochen Vogel Thu, 06 Jun 2002 04:34:05 -0700

hi,

i created a CA and a ClientKey witch i imported in my Client.
in httpd.conf i configured


Alias /test/ "/opt/www/test/"
    <Directory "/opt/www/test/">
        Options Indexes 
        Order allow,deny
        Allow from 192.168.0.142
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Directory

if i try to connect i get the following error.

==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:06 01186] [info]  Connection to child 5 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:06 01186] [info]  Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:06 01186] [info]  Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:06 01186] [info]  Connection to child 5 closed with
standard shutdown (server suse:443, client 192.168.0.142)

==> ./logs/access_log <==
192.168.0.142 - - [06/Jun/2002:13:04:07 +0200] "GET /test/ HTTP/1.1" 403 265

==> ./logs/error_log <==
[Thu Jun  6 13:04:07 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Thu Jun  6 13:04:07 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Thu Jun  6 13:04:07 2002] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure

==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:07 01187] [info]  Connection to child 6 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:07 01187] [info]  Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:07 01187] [info]  Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:07 01187] [info]  Initial (No.1) HTTPS request received
for child 6 (server suse:443)
[06/Jun/2002 13:04:07 01187] [info]  Requesting connection re-negotiation
[06/Jun/2002 13:04:07 01187] [info]  Awaiting re-negotiation handshake
[06/Jun/2002 13:04:07 01187] [error] Re-negotiation handshake failed: Not
accepted by client!?
[06/Jun/2002 13:04:07 01187] [error] SSL error on writing data (OpenSSL
library error follows)
[06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure
[06/Jun/2002 13:04:07 01187] [info]  Connection to child 6 closed with
unclean shutdown (server suse:443, client 192.168.0.142)

==> ./logs/ssl_request_log <==
[06/Jun/2002:13:04:07 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
HTTP/1.1" 265

==> ./logs/access_log <==
192.168.0.142 - - [06/Jun/2002:13:04:09 +0200] "GET /test/ HTTP/1.1" 403 265

==> ./logs/error_log <==
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Thu Jun  6 13:04:09 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Thu Jun  6 13:04:09 2002] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:09 01188] [info]  Connection to child 7 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:09 01188] [info]  Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:09 01188] [info]  Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:09 01188] [info]  Initial (No.1) HTTPS request received
for child 7 (server suse:443)
[06/Jun/2002 13:04:09 01188] [info]  Requesting connection re-negotiation
[06/Jun/2002 13:04:09 01188] [info]  Awaiting re-negotiation handshake
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] Re-negotiation handshake failed: Not
accepted by client!?
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] SSL error on writing data (OpenSSL
library error follows)
[06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[06/Jun/2002 13:04:09 01188] [info]  Connection to child 7 closed with
unclean shutdown (server suse:443, client 192.168.0.142)

==> ./logs/ssl_request_log <==
[06/Jun/2002:13:04:09 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
HTTP/1.1" 265

thx for help
Jochen
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Client Certificate Problem

Reply via email to