Does anyone have the part up and running where I can force the client
certificate to be checked?
I can get the browser to select the certificate but on the server side I get
the following log file error:

[Wed May 03 18:46:08 2000] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Wed May 03 18:46:08 2000] [error] mod_ssl: SSL handshake failed (server
www.drkbtefftw3084.dresdnerkb.com:443, client 127.0.0.1) (OpenSSL library
error follows)
[Wed May 03 18:46:08 2000] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

I am my own CA since I do not want to pay a fortune for the Certificates by
some other signer because this is a waste of money for my users.

Is this really needed? I guess the communication is encrypted in both
directions anyway.
But it gives me a little more security since the client has to have my
certificate installed in his browser.

I could also prevent some places such as the States from accessing my server in a
filter but I do not want that since I then have to go and maintain this
filter all the time.

My server is not installed yet in its right place; is that why it does not
work? I just use my own localhost, which is not the server address in the
server certificate!

Lars

> -----Original Message-----
> From: Luke Chiam 
> Sent: 03 May 2000 09:37
> To:   [EMAIL PROTECTED]
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: self signed certificate
> 
> Brian
> 
> what is the config you use when "make" openssl... this will be where the
> openssl.cnf file will be looked for...
> 
> I use
> ./config openssldir=/usr/local/apache/openssl-0.9.5/apps
> 
> I think you can use "Configure" to change this setting without "re-make".
> And you can follow the FAQ on mod_ssl.org to sign your own CA cert which in
> turn you can use to sign your server cert. Use "sign.sh" to ease the
> process.
> 
> Luke Chiam
> [EMAIL PROTECTED]
> 
> -----Original Message-----
> From: Brian J. Rohan <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
> [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Wednesday, May 03, 2000 3:32 PM
> Subject: self signed certificate
> 
> 
> >I too am trying to create a self signed certificate for my server.  I
> >have already made and installed everything necessary (using Apache
> >1.3.12, open_ssl-0.9.4, and mod_ssl 2.6) (except openssl, which I did
> >not install, only made) to get my server running, then I created a
> >certificate by going into the apache dir, and typed make certificate.
> >When I made the certificate,  it was automatically signed by Snake Oil,
> >LTD.  After following another thread on here I went to the dir created
> >when I untarred the openssl file, and went to /apps, and tried to edit
> >the openssl.cnf file to change the signer to reflect myself, but could
> >not find where to do this.    Where do I need to make the changes as to
> >be able to generate a self signed cert?  I see a variable reference
> >labeled issuer, but do not see where that variable is initialized.  Is
> >this the variable I need to change, if so where do I change it to
> >reflect my own name?
> >
> >Brian
> >
> >
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      [EMAIL PROTECTED]
> >Automated List Manager                            [EMAIL PROTECTED]
> >
> 
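
The log earlier in this thread reports verification error 20 (unable to get local issuer certificate), which OpenSSL raises when it cannot find the certificate of the CA that issued the certificate being checked. The shell script below is an added example, not part of the original messages and not the sign.sh script mentioned in the thread: it builds a private CA with the openssl command line, issues a client certificate, and checks it against a trust file that lacks the issuing CA and against one that contains it. All subjects, file names and paths are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; every name, subject and path below is constructed.

# Create a self-signed CA: writes $1.key and $1.crt with organisation name $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=$2/CN=$2 Root" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a client certificate: CA prefix $1 signs a fresh key/CSR at prefix $2.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example Users/CN=client1" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# Build the chain the way a verifying server would, trusting only CA file $1.
# Prints "ok", "error20" (issuer not found in the trusted file) or "other".
check_chain() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *"error 20 "*) echo "error20" ;;
        *": OK"*)      echo "ok" ;;
        *)             echo "other" ;;
    esac
}

work=$(mktemp -d)
make_ca "$work/ca" "Example Private CA"   # signs the client certificate
make_ca "$work/other" "Unrelated CA"      # a trust file that lacks the issuer
issue_client "$work/ca" "$work/client"

# In mod_ssl the trusted file is the one named by SSLCACertificateFile,
# consulted when SSLVerifyClient is set to require.
echo "trust file without issuer: $(check_chain "$work/other.crt" "$work/client.crt")"
echo "trust file with issuer:    $(check_chain "$work/ca.crt" "$work/client.crt")"
rm -rf "$work"
```

The same check can be run against a real deployment by passing the server's configured CA file and the client's certificate to check_chain.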