Hi, I am trying to get 2 way certificate authentication going in Apache. I have installed the certificate into my browser (firefox) but it just times out. Anyone have any ideas? Thanks. Dave
Here is the ssl section of my Apache config SSLEngine on SSLOptions +ExportCertData +StrictRequire SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /etc/ssl/certs/cacert.crt SSLCACertificatePath /etc/ssl/certs/ And here is a tail of my Apache error log. Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: before/accept initialization [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read 11/11 bytes from BIO#7fe53bc64790 [mem: 7fe53bc51030] (BIO dump follows) [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1806): +-------------------------------------------------------------------------+ [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0000: 16 03 01 00 9f 01 00 00-9b 03 01 ........... | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1851): +-------------------------------------------------------------------------+ [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read 153/153 bytes from BIO#7fe53bc64790 [mem: 7fe53bc5103b] (BIO dump follows) [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1806): +-------------------------------------------------------------------------+ [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0000: 4c 33 55 54 75 c1 13 4d-af 52 9c 25 42 16 c3 8c L3UTu..M.R.%B... | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0010: 52 15 6e e2 61 13 96 d8-25 d3 a9 8b 47 a7 bf d5 R.n.a...%...G... | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0020: 00 00 48 00 ff c0 0a c0-14 00 88 00 87 00 39 00 ..H...........9. | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0030: 38 c0 0f c0 05 00 84 00-35 c0 07 c0 09 c0 11 c0 8.......5....... | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0040: 13 00 45 00 44 00 33 00-32 c0 0c c0 0e c0 02 c0 ..E.D.3.2....... | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0050: 04 00 96 00 41 00 04 00-05 00 2f c0 08 c0 12 00 ....A...../..... | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0060: 16 00 13 c0 0d c0 03 fe-ff 00 0a 01 00 00 2a 00 ..............*. | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0070: 00 00 10 00 0e 00 00 0b-7a 69 73 2e 76 63 61 74 ........zis.vcat | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0080: 2e 75 73 00 0a 00 08 00-06 00 17 00 18 00 19 00 .us............. | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0090: 0b 00 02 01 00 00 23 ......# | [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1849): | 0153 - <SPACES/NULS> [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1851): +-------------------------------------------------------------------------+ [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1982): [client 24.63.200.169] SSL virtual host for servername zis.vcat.us found [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 read client hello A [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write server hello A [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write certificate A [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1269): [client 24.63.200.169] handing out temporary 1024 bit DH key [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write key exchange A [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write certificate request A [Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 flush data ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org