Hello Serge,
I am using Apache 2.2.4 and IE 7. I imported the certificate in P12 format.
Thanks
Deval
From: "Serge Dubrouski" <[EMAIL PROTECTED]>
Reply-To: users@httpd.apache.org
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Client Certificate authentication not working
Date: Fri, 19 Jan 2007 17:06:08 -0700
What version of Apache do you use? There is a well known problem for
this in Apache 2.0.XX (there is an unofficial patch for it but I
didn't try it) and the only way to fix it is to upgrade to Apache
2.2.XX.
On 1/19/07, DEVAL SHAH <[EMAIL PROTECTED]> wrote:
Hello,
Please help me I have been trying to get this working for 2 weeks now.
Here
is the error:
[debug] ssl_engine_kernel.c(426): Changed client verification type will
force renegotiation
[info] Requesting connection re-negotiation
......
...
[debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client
certificate B
[debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read
client
certificate B
[error] Re-negotiation handshake failed: Not accepted by client!?
I created a local CA. Worked fine
I have a trusted certificate from Thawte on Apache
I created a client certificate using my local CA - worked well. CN = Deval
Shah
I imported the client certificate and CA certificate in IE. IE shows the
certificate properly without any error.
httpd-ssl.conf file
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt -> Points
to
certificate from Thawte SSLCertificateKeyFile
/usr/local/apache2/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/devalCA.crt -> local
CA that i created
SSLVerifyDepth 10
<Location /testcerts/*>
SSLOptions +ExportCertData +OptRenegotiate +StdEnvVars
SSLVerifyClient require
SSLRequire %{SSL_CLIENT_S_DN_CN} in {"Deval Shah"}
</Location>
Let me know what is wrong?
Thanks
Deval
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
