Hi there,

I set the depth to 1 and I do have my cache set to:

    SSLSessionCache        dbm:/usr/local/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex               file:/usr/local/apache/logs/ssl_mutex

Still not working... Argghhh, this is so frustrating... any other ideas?

Did you put your CA into the local .keystore or in
C:\Program Files\JavaSoft\JRE\1.3.1\lib\security\cacerts?

On my Java side I'm using JSSE 1.0.3 together with Innovation's HTTPClient like:

    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.KeyStore;
    import com.sun.net.ssl.KeyManagerFactory;   // JSSE 1.0.x API lives in com.sun.net.ssl
    import com.sun.net.ssl.SSLContext;
    import com.sun.net.ssl.TrustManagerFactory;
    import HTTPClient.HTTPConnection;
    import HTTPClient.HTTPResponse;

    // Register the JSSE 1.0.x provider
    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    SSLContext sc = SSLContext.getInstance("SSL");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

    // The same JKS keystore serves as key store (client certificate and private
    // key presented to Apache) and as trust store (the CA that must have signed
    // Apache's server certificate)
    KeyStore ks = KeyStore.getInstance("JKS");
    char[] passphrase = "whatever".toCharArray();
    ks.load(new FileInputStream("C:\\Documents and Settings\\correij\\.keystore"), passphrase);
    tmf.init(ks);
    kmf.init(ks, passphrase);
    sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    // Hand the configured socket factory to HTTPClient and make the request
    HTTPConnection con = new HTTPConnection("https", urlString, -1);
    con.setDefaultSSLSocketFactory(sc.getSocketFactory());
    HTTPResponse response = con.Get("/test/servlet/ldapb2bservlet");
    InputStream content = response.getInputStream();
    ....

Any other ideas, thanks...

-----Original Message-----
From: Xperex Tim [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 01:07
To: [EMAIL PROTECTED]
Subject: Re: apache with client certificates

I am using Apache 1.3.26 with OpenSSL 0.9.6c and client authentication works
for me. I have SSLVerifyDepth set to 1 and specified an SSLSessionCache but
otherwise my setup is roughly the same as yours.

--- "Jose Correia (J)" <[EMAIL PROTECTED]> wrote:
> Hi all
>
> Is anyone aware of Apache version 1.3.20 having problems with client
> authentication?
>
> I've created my own CA using openssl (vs 0.9.6a). I then created and
> signed my server certificate with the CA using openssl.
> (apache is on a RH Linux 6.2 machine)
>
> I then created a client public key using Java's keytool (from my Win2000
> client machine). I then took this key and signed it with my CA using
> openssl, which I duly converted into DER format. I then imported my CA's
> certificate into my JSSE keystore plus the now created client certificate,
> which replaces the previous public key.
>
> In my Apache I mention these:
> SSLCertificateFile /jose/CA2/server.crt
> SSLCertificateKeyFile /jose/CA2/server.key
> SSLCACertificateFile /jose/CA2/demoCA/cacert.pem
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> When I connect, I'm getting the following on ssl_engine.log
>
> "[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server 155.239.48.43:443, client 165.148.59.202) (OpenSSL library error follows)
> [17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown"
>
> and from my Java client I'm getting:
>
> "main, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
> main, WRITE: SSL v3.1 Alert, length = 2
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
>
> Hence my confusion since I know my client certificate was signed by the CA
> mentioned in apache httpd.conf... :-(
>
> Anyone got a clue? I've searched extensively...
>
> Thanks a lot
> Jose Correia
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
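The handshake this thread is chasing, as an added example that is not code from the thread, from Apache, OpenSSL or JSSE: Go's standard library plays both Apache (SSLVerifyClient require with a single CA in SSLCACertificateFile) and the Java client (one keystore used as both key store and trust store) over a loopback socket, so it runs offline. The CA name demoCA, the host name server.example, the client name correij, the identity type and the handshake helper are all assumptions made for the demo. Three handshakes are run: a client certificate signed by the CA the server trusts (accepted); a client certificate signed by a second CA that carries the same name as the first but a freshly generated key, which any verifier treats as an unrelated CA (the server rejects it); and a client whose trust store lacks the CA that signed the server certificate, so the client itself aborts with a fatal alert. That last case is the shape of the two logs quoted above: the JSSE side records SEND ... certificate_unknown, and the Apache side records SSL3_READ_BYTES: sslv3 alert certificate unknown, that is, the server reading an alert its peer sent.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// identity is a parsed certificate, its private key, and both in crypto/tls form.
type identity struct {
	cert *x509.Certificate
	key  ed25519.PrivateKey
	tc   tls.Certificate
}

// check aborts the demo on setup failures (key generation, loopback sockets).
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newIdentity issues a certificate for cn: self-signed (a CA root) when issuer is
// nil, otherwise signed by issuer's key, as "openssl x509 -req -CA ... -CAkey ..." does.
func newIdentity(cn string, isCA bool, issuer *identity) *identity {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // unique enough for a demo
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn}, // Go matches ServerName against SANs, not the CN
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, signer := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parent, signer = issuer.cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &identity{cert: cert, key: key, tc: tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}}
}

// pool is a one-certificate trust store (SSLCACertificateFile; the TrustManager keystore).
func (id *identity) pool() *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(id.cert)
	return p
}

// handshake runs one mutual-TLS handshake over loopback TCP. serverCA is what the
// server accepts client certificates from (SSLVerifyClient require); clientCA is
// what the client checks the server certificate against. It returns the
// server-side handshake error, nil when the client certificate was accepted.
func handshake(server, client, serverCA, clientCA *identity) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	result := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		check(err)
		defer conn.Close()
		result <- tls.Server(conn, &tls.Config{
			Certificates: []tls.Certificate{server.tc},
			ClientAuth:   tls.RequireAndVerifyClientCert,
			ClientCAs:    serverCA.pool(),
		}).Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	defer raw.Close() // stays open until the server has delivered its verdict
	// The client's own result is not returned: in TLS 1.3 the client finishes before
	// the server has checked its certificate, so the server's verdict is what counts.
	_ = tls.Client(raw, &tls.Config{
		Certificates: []tls.Certificate{client.tc},
		RootCAs:      clientCA.pool(),
		ServerName:   server.cert.DNSNames[0],
	}).Handshake()
	return <-result
}

func main() {
	ca := newIdentity("demoCA", true, nil)
	lookalikeCA := newIdentity("demoCA", true, nil) // same name, fresh key: a different CA
	server := newIdentity("server.example", false, ca)
	client := newIdentity("correij", false, ca)
	stranger := newIdentity("correij", false, lookalikeCA)
	fmt.Println("client cert from the configured CA:", handshake(server, client, ca, ca))
	fmt.Println("client cert from a look-alike CA:  ", handshake(server, stranger, ca, ca))
	fmt.Println("client does not trust the server:  ", handshake(server, client, ca, lookalikeCA))
}
```

Run with go run: the first line prints <nil>, the second a verification error raised by the server itself, the third the server reporting the fatal alert the client sent, the same vantage point as the ssl_engine.log line. The look-alike case is worth keeping in mind whenever a CA directory has been regenerated: a CA with the same subject but a new key signs certificates the old CA file will never verify, whatever the names say.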