On Fri, Jan 29, 1999, Larry Mulcahy wrote:
> I'm having a similar problem. Or maybe I just don't understand how this
> is supposed to work. I got a free trial demo certificate from Verisign.
> I can click on the 'Security' button in Netscape and it shows it
> installed.
> Then with
>
> SSLVerifyClient require
>
> in httpd.conf, I try to surf to the page and get a 'No User Certificate'
> error:
>
> "The site 'SITE.NAME.HERE' has requested client authentication, but
> you do not have a Personal Certificate to authenticate yourself. The
> site may choose not to give you access without one."
>
>[...]
> [Fri Jan 29 11:36:47 1999] [error] mod_ssl: SSL_accept failed
> [Fri Jan 29 11:36:47 1999] [error] SSLeay: error:140890C4:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
>
> I've poked around in the Netscape (Communicator 4.5) security and menu areas
> but can't find anything to tell it to cough up this certificate.
>
> Does this work for other people?
I think that's because NS 4.5 doesn't allow you to choose a certificate unless
mod_ssl sends the list of accepted CAs, and mod_ssl cannot send it unless you
configure the CA with SSLCACertificatePath or SSLCACertificateFile. So, for
instance, put the Verisign certificate which signed your _client_ cert into the
ssl.crt dir.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
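
The reply above attributes the failure to the server sending no list of accepted CAs in its certificate request. As an added example (not part of the original thread and not mod_ssl code), this shell function reads `openssl s_client` output and reports whether any CA names were advertised. Both sample transcripts and the CA subject in them are constructed; the section markers are the ones `openssl s_client` prints.

```shell
#!/bin/sh
# Added example: did the TLS server advertise accepted client-CA names?
# Against a live server (HOST is a placeholder):
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | check

# Reads s_client output on stdin, prints one advertised CA subject per line.
# Exit status 0 if at least one CA name was sent, 1 if none.
advertised_client_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        # The list ends at the next section marker printed by s_client.
        in_list && /^(---|Client Certificate Types:|Requested Signature Algorithms:)/ { in_list = 0 }
        in_list && NF { print; n++ }
        END { exit (n > 0 ? 0 : 1) }
    '
}

# Constructed transcript: server requests a client cert but names no CA.
sample_without_ca() {
    cat <<'EOF'
CONNECTED(00000003)
---
No client certificate CA names sent
---
EOF
}

# Constructed transcript: server names the CA that issued the client certs.
sample_with_ca() {
    cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
/C=XX/O=Example Test CA/CN=Example Client Issuer
Client Certificate Types: RSA sign, DSA sign
---
EOF
}

# Human-readable verdict for one transcript on stdin.
check() {
    if cas=$(advertised_client_cas); then
        printf 'server advertises client CAs:\n%s\n' "$cas"
    else
        echo 'no client CA names sent: set SSLCACertificateFile or SSLCACertificatePath'
        return 1
    fi
}

sample_with_ca | check
sample_without_ca | check || true
```
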