Re: please help apache-ssl

Tue, 20 Feb 2001 06:17:59 -0800 

I don´t know much about modssl, but
If you set SSLVerifyClient to 1 you are telling the server
to authenticate its clients (criptographically verify the
client´s identity).

An entitity (let´s say somebody connecting to your server)
needs a certificate in order to be athenticated, but hardly any
web user has his own certificate (You have to buy it or
make your own certification authority and make the
server trust it). And that´s is your error message: your
browser does not have a certificate.

Just don´t set SSLVerifyClient to 1, if you want usual people
(99% of web users) to be able to get into your web.

Christoph Hubmann wrote:

>  in httpd.conf:SSLCACertificatePath
> /usr/local/ssl/certsSSLCACertificateFile
> /usr/local/ssl/certs/ClientCA.crtSSLCertificateFile
> /usr/local/ssl/certs/ServerCA.crtSSLCertificateKeyFile
> /usr/local/ssl/private/ServerCA.keySSLVerifyClient 1SSLVerifyDepth
> 1 with SSLVerifyClient 0 there is no problemwith SSLVerifyClient 1, i
> cant cennoct to the server in the error_log is the following
> message:[Tue Feb 20 16:01:14 2001]
> /usr/local/src/apache_1.3.14/src/modules/ssl/gcache s
> tarted
> [Tue Feb 20 16:01:14 2001] [debug] apache_ssl.c(369): Random input
> /dev/urandom(
> 1024) -> 1024
> [Tue Feb 20 16:01:14 2001] [info] created shared memory segment
> #118657
> [Tue Feb 20 16:01:14 2001]
> /usr/local/src/apache_1.3.14/src/modules/ssl/gcache s
> tarted
> [Tue Feb 20 16:01:14 2001] [notice] Apache/1.3.14 Ben-SSL/1.42 (Unix)
> configured
>  -- resuming normal operations
> [Tue Feb 20 16:01:14 2001] [info] Server built: Feb 16 2001 16:46:27
> [Tue Feb 20 16:01:27 2001] [debug] apache_ssl.c(369): Random input
> /dev/urandom(
> 1024) -> 1024
> [Tue Feb 20 16:01:29 2001] [error] SSL_accept failed
> [Tue Feb 20 16:01:29 2001] [error] error:140890B0:SSL
> routines:SSL3_GET_CLIENT_C
> ERTIFICATE:no certificates returned what is wrong? i use netscape
> 4.75 please help christoph hubmann

--

Jorge Olmos Forés


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to