Hi,


I've set up an Apache server with client authentication via certificates as described here:
http://www.freebsddiary.org/openssl-client-authentication.php


So I end up with these lines in my httpd.conf:
   SSLEngine On
   SSLProtocol all
   SSLCipherSuite HIGH:MEDIUM
   SSLCertificateFile    /etc/apache/conf2/new1.cert.cert
   SSLCertificateKeyFile /etc/apache/conf2/privkey.pem
   SSLCACertificateFile  /etc/apache/conf2/ca-bundle.crt
   SSLVerifyClient require
   SSLVerifyDepth 1

I have clients using IE, Opera and Mozilla/Firefox.

Mozilla and Firefox are the latest versions (1.7.1 and 0.9.2), brand new installations.

I successfully installed the certificate on all clients, but it looks like Mozilla and Firefox are having problems finding the right certificate to send to the server:

- on the client side I get the following message:
"Server has received an incorrect or unexpected message. Error code: -12227"
which corresponds to: SSL_ERROR_HANDSHAKE_FAILURE_ALERT (http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html)


- on the server side I get the following message:
[error] mod_ssl: SSL handshake failed (OpenSSL library error follows)
[error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]


I've seen some people with the same problem posting to different lists on the net but I've never seen any solution.

I'm not experiencing this problem with IE and Opera. Also, I've noticed that both IE and Opera ask the user to choose which certificate to present to the server which is not Mozilla's case.

Did I miss anything in Mozilla's configuration?
Any suggestions?


Thanks in advance,


GP.