I am using Apache 1.3.26 with OpenSSL 0.9.6c and client authentication works for me.
I have SSLVerifyDepth set to 1 and specified an SSLSessionCache but otherwise my setup
is roughly the same as yours.

--- "Jose Correia (J)" <[EMAIL PROTECTED]> wrote:
> Hi all
> 
> Is anyone aware of Apache version 1.3.20 having problems with client
> authentication??
> 
> I've created my own CA using openssl (vs 0.9.6a). I then
> created and signed my server certificate with the CA using openssl.
> (apache is on a RH Linux 6.2 machine)
> 
> I then created a client public key using Java's keytool (from my
> Win2000 client machine). I then took this key and signed it with my CA
> using openssl which I duly converted into DER format. I then imported
> my CA's certificate in my JSSE keystore plus the now created client
> certificate which replaces the previous public key.
> 
> In my Apache I mention these:
> SSLCertificateFile /jose/CA2/server.crt
> SSLCertificateKeyFile /jose/CA2/server.key
> SSLCACertificateFile /jose/CA2/demoCA/cacert.pem
> SSLVerifyClient require
> SSLVerifyDepth  10
> 
> When I connect, I'm getting the following on ssl_engine.log
> 
> "[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server
> 155.239.48.43:443, client 165.148.59.202) (OpenSSL library error
> follows)
> [17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL
> routines:SSL3_READ_BYTES:sslv3 alert certificate unknown"
> 
> and from my Java client I'm getting:
> 
> "main, SEND SSL v3.1 ALERT:  fatal, description = certificate_unknown
> main, WRITE:  SSL v3.1 Alert, length = 2
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
> 
> Hence my confusion since I know my client certificate was signed by
> the CA mentioned in apache httpd.conf... :-(
> 
> Anyone got a clue? I've searched extensively...
> 
> Thanks a lot
> Jose Correia
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
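
Added example (not part of either message): a Python decoder for the `error:14094416` entry quoted above, assuming the pre-3.0 OpenSSL error-code packing; the function names and the alert table are this example's own. It shows the code is alert 46 as received from the peer, which agrees with the Java client's own `SEND ... certificate_unknown` line, so the rejection was raised on the client side of the handshake.

```python
import re

# OpenSSL before 3.0 packs an error code as lib (8 bits) | func (12) | reason (12).
ERR_LIB_SSL = 20
# SSL-library reasons of 1000 + N mean "alert N was received from the peer".
SSL_AD_REASON_OFFSET = 1000

# Certificate-related alert descriptions from the TLS 1.0 specification (RFC 2246).
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERR_RE = re.compile(r"OpenSSL: error:([0-9A-Fa-f]{8}):")

# The two ssl_engine.log entries quoted in the thread, with the mail wrapping undone.
SAMPLE_LOG = [
    "[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server "
    "155.239.48.43:443, client 165.148.59.202) (OpenSSL library error follows)",
    "[17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL "
    "routines:SSL3_READ_BYTES:sslv3 alert certificate unknown",
]


def unpack(code):
    """Split a packed error code into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def diagnose(line):
    """Decode one log line; return None when it carries no OpenSSL error code."""
    m = ERR_RE.search(line)
    if not m:
        return None
    lib, func, reason = unpack(int(m.group(1), 16))
    out = {"lib": lib, "func": func, "reason": reason,
           "alert": None, "received_from_peer": False}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        n = reason - SSL_AD_REASON_OFFSET
        out["alert"] = CERT_ALERTS.get(n, "alert_%d" % n)
        out["received_from_peer"] = True  # the logging side read this alert
    return out


def scan(lines):
    """Return the decoded entries for every line that contains an error code."""
    return [d for d in map(diagnose, lines) if d is not None]
```
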

