Thanks for the quick reply, Serge,

I'm still a bit confused and cannot really address the problem, so I also checked the ssl access_log, where I got these 2 messages:

192.168.0.254 - - [08/Apr/2008:22:27:59 +0200] "POST /servlets/nexus.seam?action=authenticate&client=nexus-personal_4 HTTP/1.1" 403 -
192.168.0.254 - - [08/Apr/2008:22:28:00 +0200] "POST /servlets/nexus.seam?action=authenticate&client=nexus-personal_4 HTTP/1.1" 500 3012

And in my Java code, where I usually (using Tomcat and a keystore) can fetch the certificates, I got a null-pointer exception (certs is now null):

X509Certificate[] certs = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");

How do I know that the Apache httpd correctly gets the certificates?
How do I fetch the certificate in my Java application (Tomcat)?

Any other suggestions what is going wrong are highly appreciated.

Cheers
Chris

On Tue, Apr 8, 2008 at 9:54 PM, Serge Dubrouski <[EMAIL PROTECTED]> wrote:
> Just ignore them, they are generated when client switches between
> locations with different SSLVerifyClient options set.
>
> On Tue, Apr 8, 2008 at 1:51 PM, Christopher Ljungblad
> <[EMAIL PROTECTED]> wrote:
> > Hi,
> > We are using Apache httpd 2.2.3 on Red Hat Linux and have a problem with
> > our client certificates.
> >
> > In the ssl.conf file we have configured a Virtual Host that listens to
> > port 444 that requires the client to verify a certificate.
> >
> > <VirtualHost *:444>
> > <Location /servlets/*>
> > SSLVerifyClient require
> > SSLVerifyDepth 1
> > SSLCACertificateFile /etc/pki/tls/certs/xxxxx_users.cer
> > </Location>
> >
> > This works out fine, the client certificate can be chosen in the
> > browser and I can fill in the password and click "ok".
> > But the certificate is not validated correctly and the ssl_error log
> > says:
> >
> > [Tue Apr 08 15:25:23 2008] [error] Re-negotiation handshake failed: Not accepted by client!?
> >
> > What am I missing? I got this working in Tomcat using the exact same
> > certificate. Is there a way to keep the client certificate
> > handling in Tomcat?
> >
> > Regards
> > /Christopher
> >
> >
>
>
>
> --
> Serge Dubrouski.
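
One way to approach both questions on the httpd side, as an added example that is not part of the thread: request the client certificate in the initial handshake so that no per-location renegotiation occurs, log what mod_ssl verified, and export the certificate for the backend. The log file name, the `/servlets/` location form and the AJP backend address are assumptions; the thread does not say how httpd reaches Tomcat.

```apache
# Added example for httpd 2.2 with mod_ssl; not the poster's configuration.
<VirtualHost *:444>
    # (existing SSLEngine and server certificate directives stay as they are)

    # Ask for the client certificate during the initial handshake. With
    # "optional" at virtual-host level and no SSLVerifyClient inside
    # <Location>, moving between URLs does not trigger a renegotiation.
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLCACertificateFile /etc/pki/tls/certs/xxxxx_users.cer

    # Record what mod_ssl saw on every request. SSL_CLIENT_VERIFY is
    # SUCCESS for a verified certificate and NONE when none was sent.
    # The log file name is an assumption.
    CustomLog logs/ssl_client_cert_log "%t %h \"%r\" %>s verify=%{SSL_CLIENT_VERIFY}x dn=\"%{SSL_CLIENT_S_DN}x\""

    <Location /servlets/>
        # Enforce the certificate only for this path: requests without a
        # verified certificate are answered with 403 by httpd and never
        # reach the backend.
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"

        # Export SSL_CLIENT_CERT (PEM) and the standard SSL_* variables
        # so that the connector can forward them to the servlet container.
        SSLOptions +StdEnvVars +ExportCertData

        # Assumption: Tomcat is reached over AJP on localhost:8009 through
        # mod_proxy_ajp. AJP carries the exported certificate, and Tomcat's
        # AJP connector exposes it as the request attribute
        # javax.servlet.request.X509Certificate.
        ProxyPass ajp://localhost:8009/servlets/
    </Location>
</VirtualHost>
```

A `verify=NONE` entry in the added log for a `/servlets/` request means the browser never presented a certificate to httpd, which separates a TLS-side problem from a forwarding problem between httpd and Tomcat.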