Help! I am trying to get an Apache Server with OpenSSL to validate a client certificate. I have created a client application which successfully validates the server certificate but cannot get the server to successfully validate a client certificate when SSLVerifyClient is set to require.

I used the CA.sh to generate a CA certificate and a server certificate. The client has a copy of the CA certificate which is loaded via the SSL_load_verify_locations(). The httpd.conf file is set to point to the CA file generated above.

The following is output in the ssl_engine_log file:

[09/Nov/1999 16:38:08 05207] [info] Server: Apache/1.3.9, Interface: mod_ssl/2.4.5, Library: OpenSSL/0.9.4
[09/Nov/1999 16:38:08 05207] [info] Init: 1st startup round (still not detached)
[09/Nov/1999 16:38:08 05207] [info] Init: Initializing OpenSSL library
[09/Nov/1999 16:38:08 05207] [info] Init: Loading certificate & private key of SSL-aware server uks634.uk.oracle.com:443
[09/Nov/1999 16:38:08 05207] [info] Init: Requesting pass phrase via builtin terminal dialog
[09/Nov/1999 16:38:11 05207] [trace] Init: (uks634.uk.oracle.com:443) encrypted RSA private key - pass phrase requested
[09/Nov/1999 16:38:11 05207] [info] Init: Wiped out the queried pass phrases from memory
[09/Nov/1999 16:38:11 05208] [info] Init: 2nd startup round (already detached)
[09/Nov/1999 16:38:11 05208] [info] Init: Reinitializing OpenSSL library
[09/Nov/1999 16:38:11 05208] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[09/Nov/1999 16:38:11 05208] [info] Init: Seeding PRNG with 8 bytes of entropy
[09/Nov/1999 16:38:11 05208] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[09/Nov/1999 16:38:15 05208] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[09/Nov/1999 16:38:15 05208] [info] Init: Initializing (virtual) servers for SSL
[09/Nov/1999 16:38:15 05208] [info] Init: Configuring server uks634.uk.oracle.com:443 for SSL protocol
[09/Nov/1999 16:38:15 05208] [trace] Init: (uks634.uk.oracle.com:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[09/Nov/1999 16:38:15 05208] [trace] Init: (uks634.uk.oracle.com:443) Configuring client authentication
[09/Nov/1999 16:38:15 05208] [trace] CA certificate: [EMAIL PROTECTED]
[09/Nov/1999 16:38:15 05208] [trace] CA certificate: [EMAIL PROTECTED]
[09/Nov/1999 16:38:15 05208] [trace] Init: (uks634.uk.oracle.com:443) Configuring RSA server certificate
[09/Nov/1999 16:38:15 05208] [warn] Init: (uks634.uk.oracle.com:443) RSA server certificate CommonName (CN) `Where' does NOT match server name!?
[09/Nov/1999 16:38:15 05208] [trace] Init: (uks634.uk.oracle.com:443) Configuring RSA server private key
[09/Nov/1999 16:38:15 05209] [info] Connection to child 0 established (server uks634.uk.oracle.com:443, client 138.3.208.63)
[09/Nov/1999 16:38:15 05209] [trace] Seeding PRNG with 1032 bytes of entropy
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Handshake: start
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: before/accept initialization
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 read client hello A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write server hello A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write certificate A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write certificate request A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write server done A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 flush data
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Write: SSLv3 read client certificate B
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Exit: error in SSLv3 read client certificate B
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Exit: error in SSLv3 read client certificate B
[09/Nov/1999 16:38:15 05209] [error] SSL handshake failed (client 138.3.208.63, server uks634.uk.oracle.com:443) (OpenSSL library error follows)
[09/Nov/1999 16:38:15 05209] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

Any help would be appreciated, thanks.

Andy Griffin
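A triage sketch for the ssl_engine_log excerpt in the post above, as an added example that is not part of the original message or of mod_ssl: it groups lines by child PID, records whether a certificate request was written and which handshake state failed, and unpacks the OpenSSL error code using the pre-3.0 layout (8-bit library, 12-bit function, 12-bit reason). The function names `decode_err` and `triage` are hypothetical; the sample is a subset of the log lines quoted in the post.

```python
import re

# Constructed sample: a subset of the ssl_engine_log lines quoted in the post.
SAMPLE_LOG = """\
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Handshake: start
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write certificate request A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 write server done A
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Loop: SSLv3 flush data
[09/Nov/1999 16:38:15 05209] [trace] OpenSSL: Exit: error in SSLv3 read client certificate B
[09/Nov/1999 16:38:15 05209] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
"""

# "[date time pid] [level] message" as written by mod_ssl in the excerpt.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
# "error:<8 hex digits>:<library>:<function>:<reason>" OpenSSL error string.
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^\[]*)")

def decode_err(code_hex):
    """Unpack an OpenSSL (pre-3.0) packed error code into lib/func/reason numbers."""
    e = int(code_hex, 16)
    return {"lib": (e >> 24) & 0xFF, "func": (e >> 12) & 0xFFF, "reason": e & 0xFFF}

def triage(log_text):
    """Return {pid: summary} describing how far each child's handshake got."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        s = out.setdefault(m["pid"], {"states": [], "cert_requested": False,
                                      "failed_state": None, "error": None})
        msg = m["msg"]
        if msg.startswith("OpenSSL: Loop: "):
            state = msg[len("OpenSSL: Loop: "):]
            s["states"].append(state)
            if "write certificate request" in state:
                s["cert_requested"] = True
        elif msg.startswith("OpenSSL: Exit: error in "):
            s["failed_state"] = msg[len("OpenSSL: Exit: error in "):]
        else:
            e = ERR_RE.search(msg)
            if e:  # keep both the numeric fields and the library's text
                s["error"] = dict(decode_err(e["code"]), function=e["func"],
                                  text=e["reason"].strip())
    return out

if __name__ == "__main__":
    for pid, s in triage(SAMPLE_LOG).items():
        print(pid, s["cert_requested"], s["failed_state"], s["error"])
```
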