Hello all, I have a Debian OS running Apache 2.2.16 (Debian) along with Tomcat 6.0.29. I use mod_jk as well as the mod_auth_kerb module for Apache. Apache and the modules are Debian repository packages.
I recently attempted to activate common access cards and if I just activate them but do not force them it works great. Once I force access cards, I get the following error and my web-apps break.

Force access cards via:

    SSLVerifyClient require
    SSLVerifyDepth 2

info level logging error.log:

    [Tue Jan 18 14:47:07 2011] [info] [client 127.0.1.1] SSL library error 1 in handshake (server myserver.xxx.xxx.xxx:443)
    [Tue Jan 18 14:47:07 2011] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?

The web-app that throws this message uses a python proxy to make an ajax call to a different web context (we do this to avoid the cross site error). I believe what is happening is that the python script [client 127.0.1.1] is making the request to apache without valid client certs and hence is getting denied. I have a directive in apache2_home/sites-enabled/default-ssl conf file that I had hoped would solve this issue (however it does not).

directive in default-ssl conf file:

    Allow from localhost
    Allow from 127.0.1.1
    Allow from 127.0.0.1

Is there a solution to this issue? Perhaps a way to not require client cert from localhost?

Thanks for any advice, much appreciated!

Cheers,
G40
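Added example, not part of the original post: a small log triage script that pairs each mod_ssl handshake failure with the OpenSSL error line that follows it and counts, per client address, the handshakes rejected because no client certificate was sent. The sample log is constructed in the format quoted above; the function names, the assumption that the two lines are adjacent, and the lib/func/reason bit layout (OpenSSL 0.9.8/1.0.x) are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the error.log format quoted in the post.
SAMPLE_LOG = """\
[Tue Jan 18 14:47:07 2011] [info] [client 127.0.1.1] SSL library error 1 in handshake (server myserver.xxx.xxx.xxx:443)
[Tue Jan 18 14:47:07 2011] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
[Tue Jan 18 14:47:09 2011] [info] [client 192.0.2.10] SSL library error 1 in handshake (server myserver.xxx.xxx.xxx:443)
[Tue Jan 18 14:47:09 2011] [info] SSL Library Error: 336151574 error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
[Tue Jan 18 14:47:12 2011] [info] [client 127.0.1.1] SSL library error 1 in handshake (server myserver.xxx.xxx.xxx:443)
[Tue Jan 18 14:47:12 2011] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
"""

HANDSHAKE = re.compile(r"\[client (?P<ip>[^\]]+)\] SSL library error \d+ in handshake")
LIBERR = re.compile(
    r"SSL Library Error: (?P<dec>\d+) error:(?P<hex>[0-9A-Fa-f]{8}):"
    r"[^:]*:(?P<func>[^:]+):(?P<reason>.+)"
)

def unpack(code):
    """Split a packed OpenSSL 0.9.8/1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def no_cert_clients(log_text):
    """Count, per client IP, handshakes that failed for lack of a client cert."""
    counts = Counter()
    pending_ip = None  # client from the most recent handshake-failure line
    for line in log_text.splitlines():
        m = HANDSHAKE.search(line)
        if m:
            pending_ip = m.group("ip")
            continue
        m = LIBERR.search(line)
        if m and pending_ip:
            # The decimal and hex forms are the same number; reject damaged lines.
            if int(m.group("dec")) != int(m.group("hex"), 16):
                raise ValueError("decimal/hex error code mismatch: " + line)
            # mod_ssl appends its own hint after the OpenSSL reason text.
            if m.group("reason").startswith("peer did not return a certificate"):
                counts[pending_ip] += 1
            pending_ip = None
    return counts

if __name__ == "__main__":
    print(unpack(336105671))  # lib, func, reason numbers for the error in the post
    for ip, n in no_cert_clients(SAMPLE_LOG).items():
        print(ip, n)
```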