I'm going to do one repost in hopes that I get an answer to this. This
really has me stumped.

Hello, I've read the FAQ and the docs, I've scoured the mailing list, and I
cannot find the answer to this. I'm trying to set up client cert
authentication. I have a Verisign-signed personal cert on my browser, and
for now, a self-signed cert on the server.

When I try to connect to the site, it prompts me twice for the certificate
to send, and then returns "Cannot find server". Here are the
lines from the error log:
[Thu May 10 10:56:51 2001] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Thu May 10 10:56:51 2001] [error] mod_ssl: SSL handshake failed (server
repsystem.amntv.com:443, client 207.138.31.11) (OpenSSL library error
follows)
[Thu May 10 10:56:51 2001] [error] OpenSSL: error:0D07908D:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
[Thu May 10 10:56:51 2001] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Thu May 10 10:56:52 2001] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Thu May 10 10:56:52 2001] [error] mod_ssl: SSL handshake failed (server
repsystem.amntv.com:443, client 207.138.31.11) (OpenSSL library error
follows)
[Thu May 10 10:56:52 2001] [error] OpenSSL: error:0D07908D:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
[Thu May 10 10:56:52 2001] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Here is the entry in my Apache config:
<VirtualHost 207.218.174.12:443>
DocumentRoot /home/repsys/html
ServerName repsystem.amntv.com
ServerAdmin [EMAIL PROTECTED]
TransferLog /home/repsys/logs/secure.xfer
ErrorLog /home/repsys/logs/secure.error
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/repsystem.amntv.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/repsystem.amntv.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/repsystem.amntv.com.crt
<Directory "/home/repsys/html">
Options Indexes Includes FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory "/home/repsys/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

I can connect to the HTTPS server just fine if I change SSLVerifyClient to
none. So I'm sure it has to do with the personal certs, but for the life of
me I can't figure out WHAT it has to do with them... I'm truly sorry if this
has been answered before, but I was unable to find any information regarding
this.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]