On Tue, Jun 17, 2014 at 06:48:28PM -0700, Nelson wrote:

> Perfectly working VM running Amazon Linux with Apache and mod_ssl
> configured for client certificates.
> 
> Ran yum update to get the latest openssl (OpenSSL 1.0.1h-fips 5
> Jun 2014)/mod_ssl(2.2.27 )/httpd(2.2.27) security updates from
> Amazon's yum repository.

Did Apache get upgraded too?  Did the upgrade change the default
cipherlist?

> Now the client certificate checks are failing and I am getting:

What is the key size of the client certificates?  What is the
signature algorithm?

> "Certificate Verification: Error (7): certificate signature
> failure" in the Apache log.

Are they signed with MD5?  Did Apache disable support for MD5
signed certs?

>       SSLVerifyClient require
>       SSLVerifyDepth 1
>       SSLCACertificateFile /etc/ssl/certs/clientca_master

Have you tried a VerifyDepth of 2 or more?

Do the client certs in question work with "openssl s_server" as
the server?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
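
The checks the reply asks about (key size, signature algorithm, MD5 signing, and whether the certificate verifies against the CA file), as an added example that is not part of the original message. The CA and client certificate are throwaway files constructed for the demo, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All file and subject names are constructed for the demo.

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Print the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# True when the signature algorithm name uses an MD2/MD4/MD5 digest.
is_weak_sig_alg() {
    case "$1" in
        md2*|md4*|md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when CERT ($2) verifies against the CA file ($1). The output is
# checked because older openssl releases exit 0 even when verification fails.
cert_verifies() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Build a constructed CA and one client certificate signed by it in DIR ($1).
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Constructed Client CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -sha256 -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/client.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_pki "$demo_dir"
alg=$(cert_sig_alg "$demo_dir/client.pem")
echo "signature algorithm: $alg, key: $(cert_key_bits "$demo_dir/client.pem") bits"
if is_weak_sig_alg "$alg"; then echo "digest: MD-family"; fi
if cert_verifies "$demo_dir/ca.pem" "$demo_dir/client.pem"; then echo "chain: OK"; else echo "chain: FAILED"; fi
rm -rf "$demo_dir"
```

On the affected server, the same functions would be pointed at the file named in `SSLCACertificateFile` and at one of the failing client certificates.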
