Have you put your CAServer's cert in the /etc/httpd/conf/ssl.crt/ directory?

And configure it in httpd.conf like this:
SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt

----- Original Message ----- 
From: Groce, Jonathan (CRTATL) <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 23, 2000 2:15 AM
Subject: [openca-users:167] Problems accessing RA Server securely....


> > I am not sure if this has been covered before but I am still having
> > problems so here goes....
> > 
> > When I set the SSLVerifyClient to 'require' in httpd.conf I am unable to
> > access the RA Server
> > using https. The output of the error_log is as follows (I have altered the
> > URLs) :
> > 
> > [Fri Dec 22 12:53:02 2000] [error] mod_ssl: Certificate Verification:
> > Error (20): unable to get local issuer certificate
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > [Fri Dec 22 12:53:02 2000] [error] mod_ssl: SSL handshake failed (server
> > raserver.concert.com:443, client myip.concert.com)
> > [Fri Dec 22 12:53:02 2000] [error] OpenSSL: error:140890B2:SSL
> > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> > 
> > I have an RA Operator certificate in my browser that I generated and
> > imported. I can view and verify this certificate in my browser and the
> > information is correct.
> > I am not restricting access to the page except that it must be SSL. The
> > paths to verify and sign are correct on both the CA and the RA servers, as
> > are the paths to openssl and all of the certificates. I even have ldap
> > working now if I do not require a certificate to enter the RAServer. I
> > have removed and reinstalled (without the rpm), openssl 0.9.6, openldap
> > 1.2.11 and the RAServer, of which I am using the 20001121 Snap. Everything
> > else works great... and I am baffled... Could anyone answer this?
> > 
> > Regards,
> > Jon Groce
> > Service & Network Operations
> > Concert Integrated Security Services (CISS)
> > [EMAIL PROTECTED]
> > voice +1 770.333.4629
> > fax  +1 770.333.4899
> > 
> 

_________________________________________________________________
OpenCA - Users Support Mailing List       [EMAIL PROTECTED]
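
The two directives in the reply correspond to OpenSSL's file and directory trust lookups. The script below is an added example, not code from the thread or from OpenCA: it reproduces error 20 with `openssl verify` standing in for mod_ssl's check, and shows that a directory used the way SSLCACertificatePath is used also needs subject-hash links. It assumes the `openssl` CLI is installed; the CA, client certificate and temporary paths are constructed.

```shell
#!/bin/sh
# Added example: CA, client cert and paths are constructed, not from the thread.

# make_demo_pki DIR: throwaway CA plus a client certificate signed by it.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Demo RA Operator (constructed)" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/client.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/client.crt" 2>/dev/null
}

# chain_status CERT TRUST_OPTS...: print "ok", "error20" or "other".
chain_status() {
    cert=$1; shift
    out=$(openssl verify "$@" "$cert" 2>&1) || true
    case $out in
        *"error 20 "*) echo error20 ;;
        *": OK"*)      echo ok ;;
        *)             echo other ;;
    esac
}

d=$(mktemp -d) && mkdir "$d/ssl.crt" && make_demo_pki "$d" || exit 1

# 1. CA cert absent from the trust directory: the failure in the error_log.
before=$(chain_status "$d/client.crt" -CApath "$d/ssl.crt")

# 2. Like SSLCACertificateFile: one PEM file that holds the CA cert.
cp "$d/ca.crt" "$d/ssl.crt/ca.crt"
by_file=$(chain_status "$d/client.crt" -CAfile "$d/ssl.crt/ca.crt")

# 3. Like SSLCACertificatePath: the copied file alone is not found, because
#    the directory is searched by subject-hash file name (<hash>.0).
no_link=$(chain_status "$d/client.crt" -CApath "$d/ssl.crt")
h=$(openssl x509 -noout -hash -in "$d/ca.crt")
ln -s ca.crt "$d/ssl.crt/$h.0"
by_path=$(chain_status "$d/client.crt" -CApath "$d/ssl.crt")

echo "no CA: $before | CAfile: $by_file | CApath unhashed: $no_link | CApath hashed: $by_path"
rm -rf "$d"
```

On a real server the hash links for a whole directory are normally created with OpenSSL's `c_rehash` script rather than by hand.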