Hello:

I am attempting to do client cert based authentication with Apache on linux.

Having installed Apache + ssl with the custom cert option and created my own CA, etc, I try to create a client cert with openssl's pkcs12 command. I've tried this several ways without success. No matter which arguments I give to the openssl pkcs12 routine, the pkcs12 file output does not seem to function as a client certificate. It can be installed in Netscape. However, when I attempt to access the protected part of the site, Netscape claims that I do not have a 'personal certificate', and the apache log says:

    [Fri Dec 7 18:49:37 2001] [error] mod_ssl: Re-negotiation handshake failed: Not accepted by client!?
    [Fri Dec 7 18:49:37 2001] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
    [Fri Dec 7 18:49:37 2001] [error] OpenSSL: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?]

It appears that the pkcs12 file created when I issue:

    openssl pkcs12 -in ssl.crt/server.crt -inkey ssl.key/server.key -export -out foo.p12

is not doing the trick.

Does someone out there have a better recipe, explanation, or a nice roasting flame because I'm doing something dumb?

Thanks in advance,

--
Conrad Heiney
[EMAIL PROTECTED]
http://fringehead.org
----------
YOW!! Everybody out of the GENETIC POOL!

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
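
Added example, not part of the original message: one way to issue a client certificate with its own key pair from a CA, check that it verifies for TLS client use, and only then package it as PKCS#12. The throwaway CA, the subject names, the file names, the 30-day lifetime and the two function names are all constructed for illustration; in a real setup the CA would be the one Apache is configured to trust for client certificates.

```sh
#!/bin/sh
# Added example. Subject names, file names and lifetimes are constructed.

# issue_client_p12 DIR PASSWORD: build a throwaway CA in DIR, issue a client
# certificate from it, and package certificate + key as DIR/client.p12.
issue_client_p12() (
    cd "$1" || exit 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Example Test CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > ca.cnf
    # Stand-in for the CA whose certificate Apache trusts for clients.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # The client gets its own key pair and CSR, separate from the server's.
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -subj '/CN=example-client' -keyout client.key -out client.csr \
        2>/dev/null || exit 1
    # Extensions marking the certificate as an end-entity TLS client cert.
    printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
        'extendedKeyUsage=clientAuth' > client.ext
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile client.ext -out client.crt 2>/dev/null || exit 1
    # Refuse to package a certificate that does not verify for client use.
    openssl verify -purpose sslclient -CAfile ca.crt client.crt \
        >/dev/null 2>&1 || exit 1
    # The password travels in the environment, not in the argument list.
    P12_PASS=$2 openssl pkcs12 -export -in client.crt -inkey client.key \
        -certfile ca.crt -name example-client -passout env:P12_PASS \
        -out client.p12
)

# p12_subject FILE PASSWORD: print the subject of the client cert in FILE.
p12_subject() {
    P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts \
        -nokeys 2>/dev/null | openssl x509 -noout -subject
}
```

The `openssl verify -purpose sslclient` step is the check to run against any certificate before importing it into a browser: it fails if the certificate does not chain to the given CA file or is not usable for client authentication.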
