Re: Problem with client authentication
I set in the file ssleay.cnf the nsCertType 0xb0 and client authentication worked ok ! - Original Message - From: Maristela Terto de Holanda <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 22, 1999 11:48 AM Subject: Problem with client authentication >Hi, > >I'm running apache 1.3.3, mod_ssl 2.2., ssleay 0.9.0b > >To create the client authentication, I followed the steps: 1- include >the certificate of my own ca > in the ca-bundle file which is referenced in httpd.conf; 2- in the >httpd.conf file I set SSLVerifyClient require; >3- My personal certificate signed by my CA is in My browser (Netscape 4.5) >but when I try to connect, >The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What >could be happening ? > >Maristela Terto de Holanda >I'm starting my studies on for my Masters Degree > at Universidade de Brasilia - Brazil > > > >__ >Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ >Official Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with client authentication
> I'm running apache 1.3.3, mod_ssl 2.2., ssleay 0.9.0b I suggest you to upgrade to open-ssl 0.9.2b, since you'll be able to set the X509v3 extensions directly. > The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What > could be happening ? Did you set the CA Cert in the CACertificatePath correctly? Maybe you need to download the CA Cert into Netscape (I'm not sure, since I downloaded it always) You should use a cert with "nsCerttype = client, email" extension set. If you like, I could give you a cert/URL for testing? (in that case just drop me a mail-to: [EMAIL PROTECTED]) oki, Steffen __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with client authentication
Thanks, I checked SSLCACertificate{File,Path} are ok. Do you have any other sugestion? Maristela - Original Message - From: Ralf S. Engelschall <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 22, 1999 12:03 PM Subject: Re: Problem with client authentication >On Thu, Apr 22, 1999, Maristela Terto de Holanda wrote: > >> To create the client authentication, I followed the steps: 1- include >> the certificate of my own ca >> in the ca-bundle file which is referenced in httpd.conf; 2- in the >> httpd.conf file I set SSLVerifyClient require; >> 3- My personal certificate signed by my CA is in My browser (Netscape 4.5) >> but when I try to connect, >> The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What >> could be happening ? > >Seems like either the CA list isn't sent (you've not correctly configured >SSLCACertificate{File,Path} or you've a mismatch between your CA certs and >your client cert. Check these two things first. > > Ralf S. Engelschall > [EMAIL PROTECTED] > www.engelschall.com >__ >Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ >Official Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with client authentication
On Thu, Apr 22, 1999, Maristela Terto de Holanda wrote: > To create the client authentication, I followed the steps: 1- include > the certificate of my own ca > in the ca-bundle file which is referenced in httpd.conf; 2- in the > httpd.conf file I set SSLVerifyClient require; > 3- My personal certificate signed by my CA is in My browser (Netscape 4.5) > but when I try to connect, > The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What > could be happening ? Seems like either the CA list isn't sent (you've not correctly configured SSLCACertificate{File,Path} or you've a mismatch between your CA certs and your client cert. Check these two things first. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]