Re: Problem Client Certificate Verification

Fri, 29 Jan 1999 15:56:58 -0500 

I'm having a similar problem.  Or maybe I just don't understand how this
is supposed to work.  I got a free trial demo certificate from Verisign.
I can click on the 'Security' button in Netscape and it shows it
installed.
Then with 

    SSLVerifyClient require

in httpd.conf, I try to surf to the page and get a 'No User Certificate'
error:

"The site 'SITE.NAME.HERE' has requested client authentication, but
you do not have a Personal Certificate to authenticate yourself. The
site may
choose not to give you access without one."

This happens with:

(1) SGI Irix 6.5, Apache 1.3.3, mod_ssl 2.1.6-1.3.3, openssl 0.9.1c,
RSAref 2.0
(2) Red Hat 5.2 Linux 2.0.35, Red Hat Secure Web Server 2.0

The error from the Red Hat one looks like:

[Fri Jan 29 11:36:47 1999] [error] mod_ssl: SSL_accept failed
[Fri Jan 29 11:36:47 1999] [error] SSLeay: error:140890C4:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

I've poked around in the Netscape (Communicator 4.5) security and menu
areas 
but can't find anything to tell it to cough up this certificate.

Does this work for other people?

Christian Buysschaert wrote:

> I've been running into problems using required client
> certificate verification (SSLVerifyClient require)
> on NT Server 4 using Apache 1.3.3 with mod_ssl 2.1.5
> (and OpenSSL 0.9.1c). Netscape Communicator on NT
> Workstation 4 just crashes when browsing to the secure
> website with required client authentication (Netscape
> has been set to 'Ask Every Time' for the certificate
> he has to present).
> 
> I've included my httpd.conf and mod_ssl logfile (loglevel
> debug). It's a website running three virtual sites on a test
> intranet 192.168.0.1 .2 and .3. The site configured for required
> client auth is .2. Everything was freshly compiled with VC5 and MASM6.13.
> 
> Anybody who could help me out here?

-- 
           Larry Mulcahy                [EMAIL PROTECTED]
                   http://babylon5.spaceimaging.com/
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to