----- Original Message ----- 
From: Groce, Jonathan (CRTATL) <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 23, 2000 2:28 PM
Subject: [openca-users:171] RE: Re: Problems accesssing RA Server securely....


> Actually I figured out what the problem was after I posted this message.
> I had the ca cert in the right directory but it did not have the hashed soft
> link to the cert in the same directory, therefore openssl did not see it.
> I still can't get the operator serial number to come up on the raserver and
> the signature and serial number are not displayed in the ca server during
> the approval process even though the operator correctly approved and signed
> the request...
Please check the httpd.conf according to the example in /openca_src/misc/apache/
and add SSLOptions +StdEnvVars for your cgi directory.

> Thanks for the help!
> 
> Jon Groce
> Service & Network Operations
> Concert Integrated Security Services (CISS)
> [EMAIL PROTECTED]
> voice +1 770.333.4629
> fax  +1 770.333.4899
>  
> 
> -----Original Message-----
> From: songyi [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 22, 2000 9:14 PM
> To: [EMAIL PROTECTED]
> Subject: [openca-users:168] Re: Problems accesssing RA Server securely....
> 
> 
> Have you put your CAServer's cert in /etc/httpd/conf/ssl.crt/ directory?
> 
> And config it in httpd.conf like this:
> SSLCACertificatePath /etc/httpd/conf/ssl.crt
> SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
> 
> ----- Original Message ----- 
> From: Groce, Jonathan (CRTATL) <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, December 23, 2000 2:15 AM
> Subject: [openca-users:167] Problems accesssing RA Server securely....
> 
> 
> > > I am not sure if this has been covered before but I am still having
> > > problems so here goes....
> > > 
> > > When I set the SSLVerifyClient to 'require' in httpd.conf I am unable to
> > > access the RA Server using https. The output of the error_log is as
> > > follows (I have altered the URLs):
> > > 
> > > [Fri Dec 22 12:53:02 2000] [error] mod_ssl: Certificate Verification:
> > > Error (20): unable to get local issuer certificate
>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > [Fri Dec 22 12:53:02 2000] [error] mod_ssl: SSL handshake failed (server
> > > raserver.concert.com:443, client myip.concert.com)
> > > [Fri Dec 22 12:53:02 2000] [error] OpenSSL: error:140890B2:SSL
> > > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> > > 
> > > I have an RA Operator certificate in my browser that I generated and
> > > imported. I can view and verify this certificate in my browser and the
> > > information is correct.
> > > I am not restricting access to the page except that it must be SSL. The
> > > paths to verify and sign are correct on both the CA and the RA servers, as
> > > are the paths to openssl and all of the certificates. I even have ldap
> > > working now if I do not require a certificate to enter the RAServer. I
> > > have removed and reinstalled (without the rpm), openssl 0.9.6, openldap
> > > 1.2.11 and the RAServer, of which I am using the 20001121 Snap. Everything
> > > else works great... and I am baffled... Could anyone answer this?
> > > 
> > > Regards,
> > > Jon Groce
> > > Service & Network Operations
> > > Concert Integrated Security Services (CISS)
> > > [EMAIL PROTECTED]
> > > voice +1 770.333.4629
> > > fax  +1 770.333.4899
> > > 
> > 
> 
> _________________________________________________________________
> OpenCA - Users Support Mailing List       [EMAIL PROTECTED]
> 

_________________________________________________________________
OpenCA - Users Support Mailing List       [EMAIL PROTECTED]
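
Added example, not part of the original thread and not OpenCA or mod_ssl code: a shell function that checks every certificate in an SSLCACertificatePath directory for the hashed soft link discussed above and, with --fix, creates it. The function name and the OK/MISSING/LINKED/SKIP labels are made up for this example; the only OpenSSL call it relies on is `openssl x509 -noout -hash`.

```shell
#!/bin/sh
# Added example. Audits a directory used as mod_ssl SSLCACertificatePath:
# OpenSSL finds a CA cert there only via a link named <subject-hash>.<n>.
# Usage: check_ca_hash_links DIR [--fix]   (returns 1 if a link is still missing)
check_ca_hash_links() {
    dir=$1; fix=${2:-}; status=0
    for cert in "$dir"/*.crt "$dir"/*.pem; do
        [ -f "$cert" ] || continue                  # glob matched nothing
        # -hash prints the subject-name hash OpenSSL uses for the lookup
        if ! h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || [ -z "$h" ]; then
            echo "SKIP    $cert: not a readable X.509 certificate"
            continue
        fi
        # Walk h.0, h.1, ... (several CAs may share a hash) looking for a
        # link whose target has the same content as this certificate.
        n=0; found=
        while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
            if cmp -s "$dir/$h.$n" "$cert"; then found=$h.$n; break; fi
            n=$((n + 1))
        done
        if [ -n "$found" ]; then
            echo "OK      $cert <- $found"
        elif [ "$fix" = "--fix" ]; then
            # Relative link, so the directory can be moved as a whole
            ln -s "$(basename "$cert")" "$dir/$h.$n"
            echo "LINKED  $cert <- $h.$n"
        else
            echo "MISSING $cert needs link $h.$n"
            status=1
        fi
    done
    return "$status"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then check_ca_hash_links "$@"; fi
```

Run it against the directory named in SSLCACertificatePath (/etc/httpd/conf/ssl.crt in this thread), using the same openssl binary the web server is built against, because the subject-hash algorithm differs between OpenSSL releases.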
