Hi,
I am trying to get 2 way certificate authentication going in Apache. I have
installed the certificate into my browser (firefox) but it just times out.
Anyone have any ideas? Thanks.
Dave
Here is the ssl section of my Apache config
SSLEngine on
SSLOptions +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/ssl/certs/cacert.crt
SSLCACertificatePath /etc/ssl/certs/
And here is a tail of my Apache error log.
Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
before/accept initialization
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read 11/11
bytes from BIO#7fe53bc64790 [mem: 7fe53bc51030] (BIO dump follows)
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1806):
+-------------------------------------------------------------------------+
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0000: 16 03 01 00
9f
01 00 00-9b 03 01 ........... |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1851):
+-------------------------------------------------------------------------+
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read 153/153
bytes from BIO#7fe53bc64790 [mem: 7fe53bc5103b] (BIO dump follows)
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1806):
+-------------------------------------------------------------------------+
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0000: 4c 33 55 54
75
c1 13 4d-af 52 9c 25 42 16 c3 8c L3UTu..M.R.%B... |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0010: 52 15 6e e2
61
13 96 d8-25 d3 a9 8b 47 a7 bf d5 R.n.a...%...G... |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0020: 00 00 48 00
ff
c0 0a c0-14 00 88 00 87 00 39 00 ..H...........9. |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0030: 38 c0 0f c0
05
00 84 00-35 c0 07 c0 09 c0 11 c0 8.......5....... |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0040: 13 00 45 00
44
00 33 00-32 c0 0c c0 0e c0 02 c0 ..E.D.3.2....... |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0050: 04 00 96 00
41
00 04 00-05 00 2f c0 08 c0 12 00 ....A...../..... |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0060: 16 00 13 c0
0d
c0 03 fe-ff 00 0a 01 00 00 2a 00 ..............*. |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0070: 00 00 10 00
0e
00 00 0b-7a 69 73 2e 76 63 61 74 ........zis.vcat |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0080: 2e 75 73 00
0a
00 08 00-06 00 17 00 18 00 19 00 .us............. |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1845): | 0090: 0b 00 02 01
00
00 23 ......# |
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1849): | 0153 - <SPACES/NULS>
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_io.c(1851):
+-------------------------------------------------------------------------+
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1982): [client
24.63.200.169] SSL virtual host for servername zis.vcat.us found
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
SSLv3 read client hello A
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
SSLv3 write server hello A
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
SSLv3 write certificate A
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1269): [client
24.63.200.169] handing out temporary 1024 bit DH key
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
SSLv3 write key exchange A
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
SSLv3 write certificate request A
[Tue Jul 06 12:14:19 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL: Loop:
SSLv3 flush data
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
