In short, I'm working on duplicating a web site locally for testing and
I am unable to get client certificates to work here in my lab.

The "main/public" site is using Apache 1.3.33 on OS X and is properly
configured for client certs, but I can't get this test configuration
to work. I am using Apache 2.0.52, so that could be a factor.
(If necessary, I will try to reconfigure with 1.3.33.)

The client browser is IE 6.x, and what is odd is that when I navigate to the
"main/public" site I am prompted to select a certificate, but when
I navigate to the "test" site IE 6.x just times out. For that reason
I am suspicious of the Apache configuration, but I can't be certain.

I tried with Firefox (1.0) and it also timed out. Firefox is
configured to "ask every time" for client cert selection and,
as with IE, I am not prompted.

(I'm also suspicious as to why I can't select the client certificate 
from the IE dialog for the test site - only the certificate for the 
public site is listed.)

The virtual host configuration is listed below ("ssl.conf" was
unchanged for 2.0.52) and the error in the ssl.log is also listed
below. If anyone could offer any troubleshooting tips, that would
be greatly appreciated.

Thanks for your time and assistance.



Additional information:

Version: Apache/2.0.52
OS:      Mac OS X 10.3.7


// here is the log of the error:

[info] Initial (No.1) HTTPS request received for child 5 (server 
[debug] ssl_engine_kernel.c(422): Changed client verification type will force renegotiation
[info] Requesting connection re-negotiation
[debug] ssl_engine_kernel.c(650): Performing full renegotiation: complete handshake protocol
[info] Awaiting re-negotiation handshake
[debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1764): OpenSSL: Loop: before accept
[debug] ssl_engine_io.c(1517): OpenSSL: I/O error, 5 bytes expected to read on BIO#1280be0 [mem: 7f7000]
[debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv2 read client hello B
[error] Re-negotiation handshake failed: Not accepted by client!?


// here is the virtual host info:

<VirtualHost www.apollo.home:443>
     DocumentRoot "/some_directory/ssl_site"
     ServerAdmin [EMAIL PROTECTED]
     ServerName www.apollo.home
     LogLevel warn
     # LogLevel debug

     SetEnvIf User-Agent ".*MSIE.*" \
              nokeepalive ssl-unclean-shutdown \
              downgrade-1.0 force-response-1.0

     #   Per-Server Logging:

     CustomLog  logs/apollo/443.access.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

     ErrorLog   logs/apollo/443.error.log
     DirectoryIndex "index.html"
     <IfModule mod_ssl.c>
         #  ssl stuff
         SSLEngine On
         SSLProtocol all -SSLv3

         LogLevel debug
         ErrorLog "logs/apollo/ssl.log"
         SSLOptions +StdEnvVars +ExportCertData

         # path to certificates and private key


     <Location /secure_dir>
         SSLVerifyClient require
         SSLVerifyDepth  3



Apache Interface to OpenSSL (mod_ssl)         
User Support Mailing List            
Automated List Manager                            [EMAIL PROTECTED]
