Hi there
I set the depth to 1 and I do have my cache set to:
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
Still not working...
Argghhh, this is so frustrating... any other ideas?
Did you put your CA into the local .keystore or in C:\Program
Files\JavaSoft\JRE\1.3.1\lib\security\cacerts??
On my Java side I'm using JSSE 1.0.3 together with Innovation's
HTTPClient like:
java.security.Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
SSLContext sc = SSLContext.getInstance("SSL");
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");
KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
KeyStore ks = KeyStore.getInstance( "JKS") ;
char[] passphrase = "whatever".toCharArray();
ks.load(new FileInputStream("C:\\Documents and
Settings\\correij\\.keystore"), passphrase);
tmf.init(ks);
kmf.init(ks, passphrase);
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
HTTPConnection con = new HTTPConnection("https", urlString, -1);
con.setDefaultSSLSocketFactory(sc.getSocketFactory());
HTTPResponse response = con.Get("/test/servlet/ldapb2bservlet");
InputStream content = (InputStream)response.getInputStream();
....
Any other ideas, thanks...
-----Original Message-----
From: Xperex Tim [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 01:07
To: [EMAIL PROTECTED]
Subject: Re: apache with client certificates
I am using Apache 1.3.26 with OpenSSL 0.9.6c and client authentication
works for me. I have
SSLVerifyDepth set to 1 and specified an SSLSessionCache but otherwise
my setup is roughly the
same as yours.
--- "Jose Correia (J)" <[EMAIL PROTECTED]> wrote:
> Hi all
>
> Is anyone aware of Apache version 1.3.20 having problems with client
> authentication??
>
> I've created my own CA created using openssl (vs 0.9.6a). I then
> created and signed my server certificate with the CA using openssl.
> (apache is on a RH Linux 6.2 machine)
>
> I then created a client public key using Java's keytool (from my
> Win2000 client machine). I then took this key and signed it with my
CA
> using openssl which I duly converted into DER format. I then
imported
> my CA's certificate in my JSSE keystore plus the now created client
> certificate which replaces the previous public key.
>
> In my Apache I mention these:
> SSLCertificateFile /jose/CA2/server.crt
> SSLCertificateKeyFile /jose/CA2/server.key
> SSLCACertificateFile /jose/CA2/demoCA/cacert.pem
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> When I connect, I'm getting the following on ssl_engine.log
>
> "[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server
> 155.239.48.43:443, client 165.148.59.202) (OpenSSL library error
> follows)
> [17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL
> routines:SSL3_READ_BYTES:sslv3 alert certificate unknown"
>
> and from my Java client I'm getting:
>
> "main, SEND SSL v3.1 ALERT: fatal, description =
certificate_unknown
> main, WRITE: SSL v3.1 Alert, length = 2
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
>
> Hence my confusion since I know my client certificate was signed by
> the CA mentioned in apache httpd.conf... :-(
>
> Anyone got a clue? I've searched extensevily...
>
> Thanks a lot
> Jose Correia
>
______________________________________________________________________
> OpenSSL Project
http://www.openssl.org
> User Support Mailing List
[EMAIL PROTECTED]
> Automated List Manager
[EMAIL PROTECTED]
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
