I´m trying to setup a system where the client authentication for a special directory should be done via client certificates. I have set up a CA (using OpenSSL) and the according certificate and key files for the CA the server and a client. The client browser (Mozilla Firefox) has all certificates necessary. My vhost-ssl.conf (based on the standard template file) contains the following directory entry
<Directory /srv/www/htdocs/very/secure> SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL SSLOptions +FakeBasicAuth SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt SSLCipherSuite HIGH:MEDIUM SSLRequire %{SSL_CLIENT_S_DN_O} eq "My Organisation" \ and %{SSL_CLIENT_S_DN_OU} eq "My Department" </Directory> However the browser cannot access the directory. The client is waiting for my server until server timeout. Apaches errror.log (level=info) shows Creating new config (0x5cbfc8) for (null) [Thu Jun 09 17:28:45 2005] [info] Init: Initializing OpenSSL library [Thu Jun 09 17:28:45 2005] [info] Init: Seeding PRNG with 144 bytes of entropy [Thu Jun 09 17:28:45 2005] [info] Loading certificate & private key of SSL-aware server [Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary RSA private keys (512/1024 bits) [Thu Jun 09 17:28:45 2005] [info] Init: Generating temporary DH parameters (512/1024 bits) [Thu Jun 09 17:28:45 2005] [info] Shared memory session cache initialised [Thu Jun 09 17:28:45 2005] [info] Init: Initializing (virtual) servers for SSL [Thu Jun 09 17:28:45 2005] [info] Configuring server for SSL protocol [Thu Jun 09 17:28:45 2005] [info] Server: Apache/2.0.53, Interface: mod_ssl/2.0.53, Library: OpenSSL/0.9.7e [Thu Jun 09 17:28:46 2005] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations [Thu Jun 09 17:28:46 2005] [info] Server built: Mar 19 2005 22:42:07 [Thu Jun 09 17:33:46 2005] [info] Connection to child 0 established (server www.myserver.com:443, client 192.168.0.253) [Thu Jun 09 17:33:46 2005] [info] Seeding PRNG with 144 bytes of entropy [Thu Jun 09 17:33:46 2005] [info] Initial (No.1) HTTPS request received for child 0 (server www.myserver.com:443) [Thu Jun 09 17:33:46 2005] [info] Requesting connection re-negotiation [Thu Jun 09 17:33:46 2005] [info] Awaiting re-negotiation handshake [Thu Jun 09 17:38:46 2005] [error] Re-negotiation handshake failed: Not accepted by client!? The other directories of the server can be accessed with SSL without any problems. Also the SSLRequireSSL directive doesn´t work as expected. I still can access that directory without using SSL. What´s wrong? (I´m using a version 2.0.53 apache (mod_ssl builtin) on a SuSE 9.3 64-bit system) Thanks for any helpfull hint Harry ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]