the path for SSLCACertificateFile was wrong. know its working > -----Ursprüngliche Nachricht----- > Von: Jochen Vogel [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 6. Juni 2002 13:14 > An: '[EMAIL PROTECTED]' > Betreff: Client Authentication Problem > > > hi, > > i created a CA and a ClientKey witch i imported in my Client. > in httpd.conf i configured > > Alias /test/ "/opt/www/test/" > <Directory "/opt/www/test/"> > Options Indexes > Order allow,deny > Allow from 192.168.0.142 > SSLVerifyClient require > SSLVerifyDepth 1 > </Directory > > if i try to connect i get the following error. > > ==> ./logs/ssl_engine_log <== > [06/Jun/2002 13:04:06 01186] [info] Connection to child 5 established > (server suse:443, client 192.168.0.142) > [06/Jun/2002 13:04:06 01186] [info] Seeding PRNG with 23177 bytes of > entropy > [06/Jun/2002 13:04:06 01186] [info] Connection: Client IP: > 192.168.0.142, > Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) > [06/Jun/2002 13:04:06 01186] [info] Connection to child 5 closed with > standard shutdown (server suse:443, client 192.168.0.142) > > ==> ./logs/access_log <== > 192.168.0.142 - - [06/Jun/2002:13:04:07 +0200] "GET /test/ > HTTP/1.1" 403 265 > > ==> ./logs/error_log <== > [Thu Jun 6 13:04:07 2002] [error] mod_ssl: Re-negotiation > handshake failed: > Not accepted by client!? > [Thu Jun 6 13:04:07 2002] [error] mod_ssl: SSL error on writing data > (OpenSSL library error follows) > [Thu Jun 6 13:04:07 2002] [error] OpenSSL: error:1409E0E5:SSL > routines:SSL3_WRITE_BYTES:ssl handshake failure > > ==> ./logs/ssl_engine_log <== > [06/Jun/2002 13:04:07 01187] [info] Connection to child 6 established > (server suse:443, client 192.168.0.142) > [06/Jun/2002 13:04:07 01187] [info] Seeding PRNG with 23177 bytes of > entropy > [06/Jun/2002 13:04:07 01187] [info] Connection: Client IP: > 192.168.0.142, > Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) > [06/Jun/2002 13:04:07 01187] [info] Initial (No.1) HTTPS > request received > for child 6 (server suse:443) > [06/Jun/2002 13:04:07 01187] [info] Requesting connection > re-negotiation > [06/Jun/2002 13:04:07 01187] [info] Awaiting re-negotiation handshake > [06/Jun/2002 13:04:07 01187] [error] Re-negotiation handshake > failed: Not > accepted by client!? > [06/Jun/2002 13:04:07 01187] [error] SSL error on writing > data (OpenSSL > library error follows) > [06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL > routines:SSL3_WRITE_BYTES:ssl handshake failure > [06/Jun/2002 13:04:07 01187] [info] Connection to child 6 closed with > unclean shutdown (server suse:443, client 192.168.0.142) > > ==> ./logs/ssl_request_log <== > [06/Jun/2002:13:04:07 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/ > HTTP/1.1" 265 > > ==> ./logs/access_log <== > 192.168.0.142 - - [06/Jun/2002:13:04:09 +0200] "GET /test/ > HTTP/1.1" 403 265 > > ==> ./logs/error_log <== > [Thu Jun 6 13:04:09 2002] [error] mod_ssl: Certificate > Verification: Error > (20): unable to get local issuer certificate > [Thu Jun 6 13:04:09 2002] [error] mod_ssl: Re-negotiation > handshake failed: > Not accepted by client!? > [Thu Jun 6 13:04:09 2002] [error] mod_ssl: Certificate > Verification: Error > (20): unable to get local issuer certificate > [Thu Jun 6 13:04:09 2002] [error] mod_ssl: SSL error on writing data > (OpenSSL library error follows) > [Thu Jun 6 13:04:09 2002] [error] OpenSSL: error:140890B2:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > > ==> ./logs/ssl_engine_log <== > [06/Jun/2002 13:04:09 01188] [info] Connection to child 7 established > (server suse:443, client 192.168.0.142) > [06/Jun/2002 13:04:09 01188] [info] Seeding PRNG with 23177 bytes of > entropy > [06/Jun/2002 13:04:09 01188] [info] Connection: Client IP: > 192.168.0.142, > Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits) > [06/Jun/2002 13:04:09 01188] [info] Initial (No.1) HTTPS > request received > for child 7 (server suse:443) > [06/Jun/2002 13:04:09 01188] [info] Requesting connection > re-negotiation > [06/Jun/2002 13:04:09 01188] [info] Awaiting re-negotiation handshake > [06/Jun/2002 13:04:09 01188] [error] Certificate > Verification: Error (20): > unable to get local issuer certificate > [06/Jun/2002 13:04:09 01188] [error] Re-negotiation handshake > failed: Not > accepted by client!? > [06/Jun/2002 13:04:09 01188] [error] Certificate > Verification: Error (20): > unable to get local issuer certificate > [06/Jun/2002 13:04:09 01188] [error] SSL error on writing > data (OpenSSL > library error follows) > [06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > [06/Jun/2002 13:04:09 01188] [info] Connection to child 7 closed with > unclean shutdown (server suse:443, client 192.168.0.142) > > ==> ./logs/ssl_request_log <== > [06/Jun/2002:13:04:09 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/ > HTTP/1.1" 265 > > thx for help > Jochen > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
