Hi, I'm a newbie to SSL and I really need some help...
I've installed openssl-0.9.5a with mod_ssl-2.6.6-1.3.12 and apache_1.3.12 (on port 8443) on Sun Solaris 2.6.
The compiling went well and I've created a certificate with : make certificate TYPE=test
First of all, I've got some segmentation fault, but that situation as been corrected by modifying these two lines in my httpd.conf :
SSLVerifyClient 2
SSLVerifyDepth 10
I don't know exactly the meaning of "2" but I think it mean "require"...
I just want to see if my web server works with SSL. But when I type a https url in my browser I have an error message in my SSL_engine log :
[11/Oct/2000 11:03:16 19556] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.5a
[11/Oct/2000 11:03:16 19556] [info] Init: 1st startup round (still not detached)
[11/Oct/2000 11:03:16 19556] [info] Init: Initializing OpenSSL library
[11/Oct/2000 11:03:16 19556] [info] Init: Loading certificate & private key of SSL-aware server _______:8443
[11/Oct/2000 11:03:16 19556] [info] Init: Requesting pass phrase via builtin terminal dialog
[11/Oct/2000 11:03:22 19556] [info] Init: Wiped out the queried pass phrases from memory
[11/Oct/2000 11:03:22 19556] [info] Init: Seeding PRNG with 1024 bytes of entropy
[11/Oct/2000 11:03:22 19556] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[11/Oct/2000 11:03:24 19556] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[11/Oct/2000 11:03:31 19563] [info] Init: 2nd startup round (already detached)
[11/Oct/2000 11:03:31 19563] [info] Init: Reinitializing OpenSSL library
[11/Oct/2000 11:03:31 19563] [info] Init: Seeding PRNG with 1024 bytes of entropy
[11/Oct/2000 11:03:31 19563] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[11/Oct/2000 11:03:31 19563] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[11/Oct/2000 11:03:31 19563] [info] Init: Initializing (virtual) servers for SSL
[11/Oct/2000 11:03:31 19563] [info] Init: Configuring server svu10a0:8443 for SSL protocol
[11/Oct/2000 11:03:50 19566] [info] Connection to child 1 established (server _______:8443, client XXX.XXX.XXX.XXX)
[11/Oct/2000 11:03:50 19566] [info] Seeding PRNG with 1024 bytes of entropy
[11/Oct/2000 11:03:52 19566] [error] SSL handshake failed (server _______:8443, client XXX.XXX.XXX.XXX) (OpenSSL library error follows)
[11/Oct/2000 11:03:52 19566] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
Please help me understand the meaning of that error.
Regards,
Sebastien Roy - www.ivision.com
mail : [EMAIL PROTECTED]