Hi,all
I installed apache1.3.3 with mod_ssl_2.1.1 on my SUN sparc 10 machine. I created my
own CA and signed own server cert.
To create client certicficate, I downloaded PKCS12 from Dr. Henson's FAQ page, patched
CA certificate (with ca-fix) and compiled PKCS12.exe. Everything went well except I
run into error with SSL handshake when I tried to use the client cert to access the
secure server (both client cert and server cert were created by same self-created CA).
In the error_log file, it lists:
SSL handshake failed (SSLeay error follows)
SSLeay: error:140890B1:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certifgicate
returned
Certificate Verification:Error (20):unable to get local issuer certificate
Any hint what I have done wrong? I have re-do the links in ssl.crt directory (set by
SSLCACertificatePath) by make, and still does not work, with same errors.
Also, another question:
I am trying to sent certificate to remote client for them to access our secure wed
site. They do not have existing certificate. Is it appropriate to set SSLVerifyClient
directive in httpd.conf file to none for a short time, so remote client can get their
certs from the secure web site without a certificate initially? If doing so, will the
information still encrypted during transmission although client does not have a cert
himself? if yes, how the encryption and decryption works? Can anyone point to any
documentation regarding this? or Can I send the encrypted message (certificate) to a
client who does not have a certificate himself?
Thank you very much!
Greetings!
Xiaping
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
