Re: Problem with client authentication
I set in the file ssleay.cnf the nsCertType 0xb0 and client authentication worked ok ! - Original Message - From: Maristela Terto de Holanda <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 22, 1999 11:48 AM Subject: Problem with client authentication >Hi, > >I'm running apache 1.3.3, mod_ssl 2.2., ssleay 0.9.0b > >To create the client authentication, I followed the steps: 1- include >the certificate of my own ca > in the ca-bundle file which is referenced in httpd.conf; 2- in the >httpd.conf file I set SSLVerifyClient require; >3- My personal certificate signed by my CA is in My browser (Netscape 4.5) >but when I try to connect, >The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What >could be happening ? > >Maristela Terto de Holanda >I'm starting my studies on for my Masters Degree > at Universidade de Brasilia - Brazil > > > >__ >Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ >Official Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with client authentication
> I'm running apache 1.3.3, mod_ssl 2.2., ssleay 0.9.0b I suggest you to upgrade to open-ssl 0.9.2b, since you'll be able to set the X509v3 extensions directly. > The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What > could be happening ? Did you set the CA Cert in the CACertificatePath correctly? Maybe you need to download the CA Cert into Netscape (I'm not sure, since I downloaded it always) You should use a cert with "nsCerttype = client, email" extension set. If you like, I could give you a cert/URL for testing? (in that case just drop me a mail-to: [EMAIL PROTECTED]) oki, Steffen __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem with client authentication
Thanks,
I checked SSLCACertificate{File,Path} are ok. Do you have any other
sugestion?
Maristela
- Original Message -
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 22, 1999 12:03 PM
Subject: Re: Problem with client authentication
>On Thu, Apr 22, 1999, Maristela Terto de Holanda wrote:
>
>> To create the client authentication, I followed the steps: 1- include
>> the certificate of my own ca
>> in the ca-bundle file which is referenced in httpd.conf; 2- in the
>> httpd.conf file I set SSLVerifyClient require;
>> 3- My personal certificate signed by my CA is in My browser (Netscape
4.5)
>> but when I try to connect,
>> The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box.
What
>> could be happening ?
>
>Seems like either the CA list isn't sent (you've not correctly configured
>SSLCACertificate{File,Path} or you've a mismatch between your CA certs and
>your client cert. Check these two things first.
>
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
>__
>Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
>Official Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
__
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Problem with client authentication
On Thu, Apr 22, 1999, Maristela Terto de Holanda wrote:
> To create the client authentication, I followed the steps: 1- include
> the certificate of my own ca
> in the ca-bundle file which is referenced in httpd.conf; 2- in the
> httpd.conf file I set SSLVerifyClient require;
> 3- My personal certificate signed by my CA is in My browser (Netscape 4.5)
> but when I try to connect,
> The browser (Netscape 4.5) shows me a NO USER CERTIFICATES message box. What
> could be happening ?
Seems like either the CA list isn't sent (you've not correctly configured
SSLCACertificate{File,Path} or you've a mismatch between your CA certs and
your client cert. Check these two things first.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
