On Mon, Aug 2, 2010 at 10:31 AM, Tina Exner <[email protected]> wrote: > hi all, > > we have a nexus multiid server for certificate authentication. > i try to pass the client smartcard certificates from apache to tomcat > server. > the tomcat talks to the nexus and the authentication take effect. > > when i try to export the client ca certificate to the tomcat server > i get the following errors: > > [Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error > (20): unable to get local issuer certificate > [Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: > Not accepted by client!?
Wouldn't that mean an error between Apache and the browser, not tomcat? > > @Firefox: > (Fehlercode: ssl_error_unknown_ca_alert) Wouldn't that mean an error between Apache and the browser, not tomcat? > <Location /nexus> > SSLVerifyClient require > SSLVerifyDepth 5 Can you test without per-directory client certificate requests / renegotiation? Awfully complicated subject after CVE-2009-3555. -- Eric Covener [email protected] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected]
