Versions:
SSLeay 0.9.0b
rsaref 2.0
mod_ssl 2.2.2
Apache 1.3.4
Hi,
I've compiled the whole apache package per your instructions found
at http://www.engelschall.com/sw/mod_ssl/distrib/mod_ssl-SNAP/INSTALL.
I've obtained a server certificate, and the CA certificate. I've
placed them in their respective places (for the CA certificate, both in
the bundle and as a free file). I've run make in the ssl.crt directory.
In the httpd.conf, I've enabled either the SSLCACertificatePath or
SSLCACertificateFile (but not both). I've configured an .htaccess file
whose contents are:
SSLRequireSSL
In httpd.conf, I specify that:
SSLVerifyClient require
SSLVerifyDepth 10
SSL should authenticate the client.
Now, given all that, when I access the directory with a valid client
certificate, I get the following errors:
Netscape 4.05: The server cannot verify your certificate.
error_log says:
httpd: [Fri Feb 12 11:08:08 1999] [notice] mod_perl/1.18 Apache/1.3.4 (Unix)
mod_ssl/2.2.2 SSLeay/0.9.0b configured -- resuming normal operations
httpd: [Fri Feb 12 11:08:08 1999] [info] Server built: Feb 11 1999 23:21:49
httpd: [Fri Feb 12 11:08:12 1999] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
httpd: [Fri Feb 12 11:08:12 1999] [error] mod_ssl: SSL handshake failed (client
18.250.0.80, server my.server.com:443) (SSLeay library error follows)
httpd: [Fri Feb 12 11:08:12 1999] [error] SSLeay: error:140890B1:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
However, I can verify the server certificate which is signed by the
same CA as the client cert, by running
ssleay verify -CApath <proper path> server.crt
Could you help me determine why the server cannot authenticate the
client certificate? Thank you!
Lukasz
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
