Hello, I've read the FAQ and the docs, I've scoured the mailing list, and I
cannot find the answer to this. I'm trying to set up client cert
authentication. I have a Verisign signed personal cert on my browser, and
for now, a self signed cert on the server.

When I try to connect to the site, it prompts me twice for the certificate
to send, and then returns "Cannot find server blah blah blah". Here are the
lines from the error log:

[Thu May 10 10:56:51 2001] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Thu May 10 10:56:51 2001] [error] mod_ssl: SSL handshake failed (server
repsystem.amntv.com:443, client 207.138.31.11) (OpenSSL library error
follows)
[Thu May 10 10:56:51 2001] [error] OpenSSL: error:0D07908D:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
[Thu May 10 10:56:51 2001] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Thu May 10 10:56:52 2001] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Thu May 10 10:56:52 2001] [error] mod_ssl: SSL handshake failed (server
repsystem.amntv.com:443, client 207.138.31.11) (OpenSSL library error
follows)
[Thu May 10 10:56:52 2001] [error] OpenSSL: error:0D07908D:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
[Thu May 10 10:56:52 2001] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Here is the entry in my Apache config:

<VirtualHost 207.218.174.12:443>
DocumentRoot /home/repsys/html
ServerName repsystem.amntv.com
ServerAdmin [EMAIL PROTECTED]
TransferLog /home/repsys/logs/secure.xfer
ErrorLog /home/repsys/logs/secure.error
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/repsystem.amntv.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/repsystem.amntv.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/repsystem.amntv.com.crt
<Directory "/home/repsys/html">
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory "/home/repsys/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

I can connect to the HTTPS server just fine if I change SSLVerifyClient to
none. So I'm sure it has to do with the personal certs, but for the life of
me I can't figure out WHAT it has to do with them... I'm truly sorry if this
has been answered before, but I was unable to find any information regarding
this.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]