On Fri, May 05, 2000 at 11:03:25AM +0800, Kelly Lew wrote:
> I am using Apache 1.3.12, open_ssl-0.9.5, and mod_ssl 2.6.2 with client
> authentication. The server throws errors when it verifies the client
> certificate; the errors are as below:
> 
> [error] mod_ssl: Certificate Verification: Error (26): unsupported
> certificate purpose
> [error] mod_ssl: SSL handshake failed (server www.snakeoil.dom:443,
> client 127.0.0.1) (OpenSSL library error follows)
> [error] OpenSSL: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
> I have installed the client CA into the ca-bundle.crt, but it still gives
> me problems. Can someone tell me what the problem is and how to solve it?

You have probably used a CA certificate that does not have the right key usage
extensions.

You could test this by doing: openssl x509 -in ca.crt -text

Then if it is a correct CA certificate, then it will have something like

            X509v3 Basic Constraints: 
                CA:TRUE, pathlen:0

            Netscape Cert Type: 
                SSL CA

The CA:TRUE is important. 

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
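
Added example, not part of the original message or of mod_ssl: a shell sketch that applies the check described in the reply to every certificate in a bundle, since `openssl x509 -in ca-bundle.crt` only reads the first one. The function names, the sample text and the rule "if a Netscape Cert Type is present it must include SSL CA" are assumptions of this example; a certificate with no Basic Constraints at all is reported as not a CA here.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads `openssl x509 -text`
# output on stdin; exit 0 if the certificate is marked as a CA, 1 otherwise.
ca_flags_ok() {
    awk '
        /X509v3 Basic Constraints/ { want = "bc"; next }
        /Netscape Cert Type/       { want = "ns"; next }
        # The extension value is printed on the line after its name.
        want == "bc" { if ($0 ~ /CA:TRUE/) ca = 1; want = ""; next }
        want == "ns" { seen_ns = 1; if ($0 ~ /SSL CA/) ns_ca = 1; want = ""; next }
        END { exit !(ca && (!seen_ns || ns_ca)) }
    '
}

# Split a PEM bundle and run the check on each certificate (needs openssl).
# Returns 0 if every certificate passes, 1 if any does not.
check_bundle() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    rc=0
    for pem in "$tmp"/cert*.pem; do
        [ -f "$pem" ] || continue
        subject=$(openssl x509 -in "$pem" -noout -subject)
        if openssl x509 -in "$pem" -noout -text | ca_flags_ok; then
            echo "ok      $subject"
        else
            echo "NOT CA  $subject"
            rc=1
        fi
    done
    rm -rf "$tmp"
    return $rc
}

# Constructed sample: the extension lines a correct CA certificate shows.
SAMPLE_GOOD='            X509v3 Basic Constraints:
                CA:TRUE, pathlen:0
            Netscape Cert Type:
                SSL CA'
```

Typical use is `check_bundle ca-bundle.crt`; any line starting with `NOT CA` names a certificate that cannot act as issuer when client certificates are verified.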