Does nobody know a solution for this problem?


Hi all,

We have a nexus multiid server for certificate authentication.
I am trying to pass the client smartcard certificates from Apache to the Tomcat server.
The Tomcat talks to the nexus and the authentication takes effect.

When I try to export the client CA certificate to the Tomcat server,
I get the following errors:

[Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error (20): unable to get local issuer certificate
[Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: Not accepted by client!?

@Firefox:
(Fehlercode: ssl_error_unknown_ca_alert)


This is my SSL configuration:

<IfModule ssl_module>
          SSLVerifyClient none
          SSLVerifyDepth 5

#SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
          SSLOptions +ExportCertData

          #SSLCACertificateFile conf/ssl/Certificate.cer

</IfModule>

<Location /nexus>
                SSLVerifyClient         require
                SSLVerifyDepth          5

#SSLCACertificateFile /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
#SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
                SSLOptions              +ExportCertData +StdEnvVars
                #SSLRequireSSL
</Location>


My jk.conf:

  JkExtractSSL          On
  JkHTTPSIndicator      HTTPS
  JkSESSIONIndicator    SSL_SESSION_ID
  JkCIPHERIndicator     SSL_CIPHER
  JkCERTSIndicator      SSL_CLIENT_CERT
  JkEnvVar              SSL_CLIENT_CERT SSL_CLIENT_CERT
  JkOptions             +ForwardSSLCertChain


I use Apache 2.2.13-3 and OpenSSL 0.9.8a.

Any hints on what might have gone wrong will be highly useful.

Regards
Tin

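Added example, not part of the original message: error 20 means mod_ssl could not find the issuer of the client certificate among its trusted CAs, and both SSLCACertificateFile lines in the posted configuration are commented out. This Python check (the function name `lint_client_auth` is hypothetical) flags client verification without an active CA directive, and a CA directive placed inside a per-directory section, where mod_ssl does not accept it.

```python
import re

# Poster's mod_ssl config from the message above (commented SSLOptions lines omitted).
POSTED_CONF = """\
<IfModule ssl_module>
    SSLVerifyClient none
    SSLVerifyDepth 5
    SSLOptions +ExportCertData
    #SSLCACertificateFile conf/ssl/Certificate.cer
</IfModule>
<Location /nexus>
    SSLVerifyClient require
    SSLVerifyDepth 5
    #SSLCACertificateFile /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
    SSLOptions +ExportCertData +StdEnvVars
</Location>
"""

CA_DIRECTIVES = {"sslcacertificatefile", "sslcacertificatepath"}
PER_DIR = re.compile(r"<(Location|Directory|Files)", re.I)  # per-directory sections


def lint_client_auth(conf):
    """Return findings about client-certificate trust anchors in an Apache config."""
    findings, scope, have_ca, verifying = [], [], False, []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        if line.startswith("</"):
            scope = scope[:-1]
            continue
        if line.startswith("<"):
            scope.append(line)
            continue
        parts = line.split(None, 1)
        name, arg = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if name.lower() in CA_DIRECTIVES:
            if any(PER_DIR.match(s) for s in scope):
                findings.append(f"line {n}: {name} is not allowed inside {scope[-1]}")
            else:
                have_ca = True  # trust anchors set at server/virtual-host level
        elif name.lower() == "sslverifyclient" and arg.lower() in ("require", "optional"):
            verifying.append((n, arg, scope[-1] if scope else "server config"))
    if not have_ca:
        for n, mode, where in verifying:
            findings.append(f"line {n}: SSLVerifyClient {mode} in {where} but no active "
                            "SSLCACertificateFile/SSLCACertificatePath")
    return findings
```

The CA file named by an active SSLCACertificateFile has to be PEM and contain the chain that issued the smartcard certificates; the check above only confirms that such a directive is present and in a valid context.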