Hi all, I have been using client certificate for a while (more than 2 years) successfuly.
But now, after migrating a server, I am stuck with a problem that I have no idea how to handle. I just spent 10 hours googling around and reading the doc without finding any clue. On my new set-up, the web browser seems to reject the negociation : [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection to child 2 established (server www.***.net:443) [Sun Nov 22 22:51:36 2009] [info] Seeding PRNG with 656 bytes of entropy [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Handshake: start [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: before/accept initialization [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 11/11 bytes from BIO#7f35d1213840 [mem: 7f35d1218f00] (BIO dump follows) [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1791): +-------------------------------------------------------------------------+ [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1830): | 0000: 4f 50 54 49 4f 4e 53 20-2a 20 48 OPTIONS * H | [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1836): +-------------------------------------------------------------------------+ [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit: error in SSLv2/v3 read client hello A [Sun Nov 22 22:51:36 2009] [info] [client ::1] SSL library error 1 in handshake (server www.***.net:443) [Sun Nov 22 22:51:36 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!? [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection closed to child 2 with abortive shutdown (server www.***.net:443) I have tried a bund of different settings. Of course, I re-generated several times all the certificates, from the CA to the client. Both the CA and the client were imported into the web browser. The mod-ssl settings are in no point different from the previous machine, so am I missing ? So any help, any hint would be greatly appreciated. Thank you in advance, Regards, Jean-Christophe
signature.asc
Description: Ceci est une partie de message numériquement signée