I am not sure if this has been covered before but I am still having problems so here goes....
When I set the SSLVerifyClient to 'require' in httpd.conf I am unable to access the RA Server
using https. The output of the error_log is as follows (I have altered the URLs) :
[Fri Dec 22 12:53:02 2000] [error] mod_ssl: Certificate Verification: Error (20): unable to get local issuer certificate
[Fri Dec 22 12:53:02 2000] [error] mod_ssl: SSL handshake failed (server raserver.concert.com:443, client myip.concert.com)
[Fri Dec 22 12:53:02 2000] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
I have an RA Operator certificate in my browser that I generated and imported. I can view and verify this certificate in my broser and the information is correct.
I am not restricting access to the page except that it must be SSL. The paths to verify and sign are correct on both the CA and the RA servers, as are the paths to openssl and all of the certificates. I even have ldap working now if I do not require a certificate to enter the RAServer. I have removed and reinstalled (without the rpm), openssl 0.9.6, openldap 1.2.11 and the RAServer, of which I am using the 20001121 Snap. Everthing else works great... and I am baffled... Could anyone answer this?
Regards,
Jon Groce
Service & Network Operations
Concert Integrated Security Services (CISS)
[EMAIL PROTECTED]
voice +1 770.333.4629
fax +1 770.333.4899
