> The above indicates that. Make sure client cert
> processing is done correctly on the server side. If it
> is a program failure, then you need to get the
> programmer to debug the program.
>
Thank you for your answer. I'm not sure what you intend with "program failure": the pages served by this virtual host are for the time being only static html pages. The only programs involved are apache, openssl and the browser.

I tried the following command found in the openssl faq "openssl s_client -connect tomcat-ssl.itcilo.org:443 -state -debug" and it finished with the following error:

SSL_connect:SSLv3 write client key exchange A
write to 080B07A0 [080BFFC0] (6 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv3 write finished A
SSL_connect:error in SSLv3 write finished A

I've googled a little bit but didn't really find something that allowed me to solve my problem.

host:~/CA # openssl s_client -connect myhost:443 -showcerts -CAfile /root/CA/itcilo-ca.crt
CONNECTED(00000003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
17680:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

I also tried passing to "openssl s_client" the client certificate and key, also with an error, as you can see below:

dolphin:~/CA # openssl s_client -cert lams.crt -key lams.key -CAfile itcilo-ca.crt -ssl3 -showcerts -connect myhost:443
CONNECTED(00000003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17910:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:

I tried with ssl2 with the same exit. I'm searching but really don't understand the problem. I also created all the certificates again with the same result.
Any help would be appreciated as I'm pretty baffled.

Regards,
Gaël
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]