After I installed a certificate on my browser (tested on both IE and Firefox), I was able to access the site with client authentication. I was expecting my browser to pop up a dialog and ask me for a certificate. However, it seems like the browser won't do so if I have no certificate installed on my browser. Anyway, thanks for your help.
Kenneth Yeung Serge Dubrouski <serge...@gmail.com> 04/15/2010 09:44 AM Please respond to users@httpd.apache.org To users@httpd.apache.org cc Subject Re: [us...@httpd] Re-negotiation handshake failed This message is normal. It says that server expected user certificate but it wasn't presented by browser. On Tue, Apr 13, 2010 at 5:31 PM, <kennethye...@infoimageinc.com> wrote: > > Greeting! > > I'm having a problem on setting up client certificate on my test site on > Apache 2.2.15/OpenSSL 0.9.8m on Windows XP. I followed the "How-To" > articles on mod_ssl (http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html ). > When I browse the site, I got the following error message in the log: > > Re-negotiation handshake failed: Not accepted by client!? > > I read through the documentation. I tried to turn SSLInsecureRenegotiation > on and off, but no luck. I attached the configuration of my virtual host, > hoping that you would point out anything that I've missed. Oh, when I said > that the site wasn't working, I was referring to my browser, which displays > an error page with the code: ssl_error_handshake_failure_alert, instead of > asking me for a certificate. > > Thanks, > > Kenneth Yeung > > > <VirtualHost *:10991> > ServerAdmin mys...@mycompany.com > DocumentRoot "C:/hosts-static/mysite/ROOT" > ServerName mysite.mycompany.com > ErrorLog "C:/hosts-static/mysite/log/ROOT-error.log" > CustomLog "C:/hosts-static/mysite/log/ROOT-access.log" common > > SSLEngine on > SSLCipherSuite HIGH:MEDIUM > SSLCertificateFile "C:/Apache2.2/conf/ssl.crt/mysite.crt" > SSLCertificateKeyFile "C:/Apache2.2/conf/ssl.crt/mysite.key" > > SSLInsecureRenegotiation on > > <Directory C:/hosts-static/mysite/ROOT> > Order deny,allow > Allow from all > > SSLVerifyClient require > SSLVerifyDepth 1 > SSLCACertificateFile "C:/Apache2.2/conf/ssl.crt/self_signed_ca.crt" > > </Directory> > > </VirtualHost> -- Serge Dubrouski. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org