Hi all Is anyone aware of Apache version 1.3.20 having problems with client authentication??
I've created my own CA created using openssl (vs 0.9.6a). I then created and signed my server certificate with the CA using openssl. (apache is on a RH Linux 6.2 machine) I then created a client public key using Java's keytool (from my Win2000 client machine). I then took this key and signed it with my CA using openssl which I duly converted into DER format. I then imported my CA's certificate in my JSSE keystore plus the now created client certificate which replaces the previous public key. In my Apache I mention these (I have mod-ssl vs 2.8.4): SSLCertificateFile /jose/CA2/server.crt SSLCertificateKeyFile /jose/CA2/server.key SSLCACertificateFile /jose/CA2/demoCA/cacert.pem SSLVerifyClient require SSLVerifyDepth 10 When I connect, I'm getting the following on ssl_engine.log "[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server 155.239.48.43:443, client 165.148.59.202) (OpenSSL library error follows) [17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown" and from my Java client I'm getting: "main, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown main, WRITE: SSL v3.1 Alert, length = 2 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" Hence my confusion since I know my client certificate was signed by the CA mentioned in apache httpd.conf... :-( Anyone got a clue? I've searched extensevily... Thanks a lot Jose Correia ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
