Trouble with netscape sending certificate
Hi, I'm not sure if this is a configuration problem. It must be because people are using mod_ssl. First my platform: AIX 4.2.1 using xlC.C 3.1.4.7 with -O2 -qarch=pwr2 Software: openssl-0.9.1c mod_ssl-2.2.2-1.3.4 apache_1.3.4 (mod_perl 1.18) Everything is compiled and to some extent working. That is with requiring client certificates I can use a virtual host with ssl. When I require client certificates I get this error: httpd: [Wed Feb 17 16:38:25 1999] [error] error:140890B0:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificates returned If the client doesn't have a certificate you get this message: httpd: [Wed Feb 17 16:38:09 1999] [error] error:140890C6:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate This is with a certifiacate installed on Netscape created using the FAQ: http://www.drh-consultancy.demon.co.uk/pkcs12faq.html#PR1 The same thing happens for Netscape4.5 on both Linux and Win95. Any ideas? Owen. PS If this is a list I'm not on it. o--o | Owen Williams| Systems Administrator | | [EMAIL PROTECTED] | Software Engineer | | Work: (0116) 2506349 | | | Home: (0116) 2259109 | We do web consultancy | |--| | World Wide Web Home Page : http://www.cms.dmu.ac.uk/~williams| | Short CV : http://www.cms.dmu.ac.uk/~williams/CV | o--o __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Trouble with netscape sending certificate
On Wed, Feb 17, 1999, Owen Williams wrote: [...] httpd: [Wed Feb 17 16:38:25 1999] [error] error:140890B0:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificates returned If the client doesn't have a certificate you get this message: httpd: [Wed Feb 17 16:38:09 1999] [error] error:140890C6:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate This is with a certifiacate installed on Netscape created using the FAQ: http://www.drh-consultancy.demon.co.uk/pkcs12faq.html#PR1 The same thing happens for Netscape4.5 on both Linux and Win95. I guess it's the situation where you haven't configured the CA cert with SSLCACertificate{File,Path}, this way the list of acceptable CAs the server sends to your NS45 is empty, and this way NS45 cannot provide a cert to the server. Any ideas? Configure the CA certs with SSLCACertificateFile. PS If this is a list I'm not on it. Yes, as the webpages and SUPPORT texts indicate, this is a list. I'll send a carbon copy to you, too. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]