Hi everybody,

I am using Apache-1.3.27 with mod_ssl-2.8.12 and OpenSSL-0.9.7.

I have created a secure area that requires client SSL authentication:

<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName 192.168.2.237
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on

SSLCipherSuite ALL

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

SSLCACertificateFile /var/www/html/pki/ATEXO/testUserCert/ATEXO.crt

SSLCARevocationFile /var/www/html/pki/testUserCert/ATEXO.crl

<Location /pki/ATEXO/testUserCert>
SSLOptions +StdEnvVars +CompatEnvVars
SSLVerifyClient require
SSLVerifyDepth 2
</Location>


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

The server responds correctly to clients (IE or Mozilla) when it is freshly
started. But after a few minutes of running, I try to access the same page
with Mozilla but it fails with the error: "Error establishing an encrypted
connection to 192.168.2.237. Error Code: -12192" and IE displays a classic
error "Page not found".

When it happens, the Apache log contains these lines:
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error (7): certificate signature failure
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Re-negotiation handshake failed: Not accepted by client!?
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error (7): certificate signature failure
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
[Fri Jan 31 10:10:44 2003] [error] OpenSSL: error:0D0890A1:lib(13):func(137):reason(161)
[Fri Jan 31 10:10:44 2003] [error] OpenSSL: error:140890B2:lib(20):func(137):reason(178)

Please, any help is welcome. I have been trying to solve this problem
for 10 days ...

Best regards
