Problem with client digital certificate

Tue, 16 Jul 2002 10:40:24 -0700 

Hi,

I'm having some problems using my own CA for user authentication in Apache modssl, 
win32.
Everything works fine with a demo certificate issued by GlobalSign but when I try with 
a certificate issued by by own CA I get Invalid Certificate.
Here are the Logs Files:

OK:

+-------------------------------------------------------------------------+
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294):
 Certificate Verification: depth: 3, subject: /C=BE/O=GlobalSign nv-sa/OU=Root 
CA/CN=GlobalSign Root CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign 
Root CA
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294):
 Certificate Verification: depth: 2, subject: /C=BE/O=GlobalSign nv-sa/OU=Primary 
Class 1 CA/CN=GlobalSign Primary Class 1 CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Root 
CA/CN=GlobalSign Root CA
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294):
 Certificate Verification: depth: 1, subject: /C=BE/O=GlobalSign nv-sa/OU=Class 1 
CA/CN=GlobalSign Class 1 CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Primary Class 1 
CA/CN=GlobalSign Primary Class 1 CA
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294):
 Certificate Verification: depth: 0, subject: 
[EMAIL PROTECTED][EMAIL PROTECTED], issuer: 
/C=BE/O=GlobalSign nv-sa/OU=Class 1 CA/CN=GlobalSign Class 1 CA
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854):
 OpenSSL: Loop: SSLv3 read client certificate A
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854):
 OpenSSL: Loop: SSLv3 read client key exchange A
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854):
 OpenSSL: Loop: SSLv3 read certificate verify A
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(1027):
 OpenSSL: read 5/5 bytes from BIO#bogus %p[mem: bogus %p (Q�o�U�o�aX
[Tue Jul 16 16:19:59 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(974):
 +-------------------------------------------------------------------------+

NOT OK:

+-------------------------------------------------------------------------+
[Tue Jul 16 16:23:47 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294):
 Certificate Verification: depth: 1, subject: 
/C=PT/L=Lisboa/O=Optimus/OU=DT/Networks/IPS/CN=PosNet 
[EMAIL PROTECTED], issuer: /C=PT/L=Lisboa/O=Optimus/CN=OptimusCA
[Tue Jul 16 16:23:47 2002] [error] Certificate Verification: Error (24): invalid CA 
certificate
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1864):
 OpenSSL: Write: SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1883):
 OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1883):
 OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [error] SSL handshake failed (server 
jsrodrigues.optimus.pt:443, client 172.2.2.135)
[Tue Jul 16 16:23:48 2002] [error] SSL Library Error: 336105650 error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Tue Jul 16 16:23:48 2002] [info] Connection to child 145 established (server 
jsrodrigues.optimus.pt:443, client 172.2.2.135)
[Tue Jul 16 16:23:48 2002] [info] Seeding PRNG with 0 bytes of entropy
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1846):
 OpenSSL: Handshake: start
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854):
 OpenSSL: Loop: before/accept initialization
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(1027):
 OpenSSL: read 11/11 bytes from BIO#bogus %p[mem: bogus %p (Q�o�U�o�\
[Tue Jul 16 16:23:48 2002] [debug] 
C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(974):
 +-------------------------------------------------------------------------+

Can anyone helpme please!

  Jo�o Rodrigues
  ______________________
  Optimus - DT/Networks/IPS
  Tel: +351 931003838
  Tm: +351 931013838
  Fax: +351 931023838
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to