I am required to have our apache server using PKI client authentication by the end of July.
I have set up a test server with the latest and greatest Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.7.

I have set up a ssl.conf using

    SSLVerifyClient require
    SSLVerifyDepth 10

and populated a CA certification file and enabled

    SSLCACertificateFile /usr/local/apache2/conf/dod_ca_bundle.crt

On start the logs (set to debug) show the dod_ca_bundle.crt file being read in properly

---------------------- log output begin ---------------------
ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
ssl_engine_init.c(538): Configuring client authentication
ssl_engine_init.c(1113): CA certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD CLASS 3 CA-10
ssl_engine_init.c(1113): CA certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD CLASS 3 Root CA
ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
-------------------------- log output end -----------------------------

However, when attempting to connect with IE nothing is returned.
The pertinent log output looks like

---------------------- log output begin ---------------------
ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#918b100 [mem: 9192780] (BIO dump follows)
:
:
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate request A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
-------------------------- log output end -----------------------------

Looks like the next line indicates a problem:

---------------------- log output begin ---------------------
ssl_engine_io.c(1786): OpenSSL: I/O error, 5 bytes expected to read on BIO #918b100 [mem: 9192780]
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate A
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate A
[client 157.187.160.114] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
-------------------------- log output end -----------------------------

Any help with this problem would be greatly appreciated.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
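
The handshake trace quoted in the message above can be read mechanically to find the state in which it stopped. The following is an added example, not part of the original post and not mod_ssl code: it parses the state-trace lines copied from the post and reports only what they record. The names `summarize_handshakes` and `diagnose` are hypothetical.

```python
import re

# Debug lines copied from the post above, one log entry per line.
SAMPLE_LOG = """\
ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate request A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
ssl_engine_io.c(1786): OpenSSL: I/O error, 5 bytes expected to read on BIO #918b100 [mem: 9192780]
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate A
[client 157.187.160.114] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
"""

# Matches mod_ssl's state-trace lines: "OpenSSL: Handshake|Loop|Exit: <detail>"
STATE = re.compile(r"OpenSSL: (Handshake|Loop|Exit): (.+)$")

def summarize_handshakes(log_text):
    """Return one record per handshake seen in the log (hypothetical helper)."""
    records, cur = [], None
    for line in log_text.splitlines():
        m = STATE.search(line)
        if m and m.groups() == ("Handshake", "start"):
            cur = {"steps": [], "failed_in": None, "client_eof": False}
            records.append(cur)
        elif cur is None:
            continue  # ignore lines seen before any handshake starts
        elif m and m.group(1) == "Loop":
            cur["steps"].append(m.group(2))
        elif m and m.group(1) == "Exit" and m.group(2).startswith("error in "):
            cur["failed_in"] = m.group(2)[len("error in "):]
        elif "End of file found" in line:
            cur["client_eof"] = True
    return records

def diagnose(rec):
    """Say where the handshake stopped, using only what the log records."""
    asked = any("write certificate request" in s for s in rec["steps"])
    if rec["failed_in"] is None:
        return "no handshake error logged"
    if asked and "read client certificate" in rec["failed_in"] and rec["client_eof"]:
        return "peer closed the connection after CertificateRequest, before sending a certificate message"
    return "handshake failed in state: " + rec["failed_in"]

if __name__ == "__main__":
    for rec in summarize_handshakes(SAMPLE_LOG):
        print(len(rec["steps"]), "steps;", diagnose(rec))
```
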