What version of OpenSSL are you running? I normally wouldn't be concerned about a bug in an older version of OpenSSL...but I can fathom people downgrading to pre-heartbleed versions to "be sure" its safe.
>> [Sun Jun 01 20:42:26 2014] [error] Certificate Verification: Error (20): >> unable to get local issuer certificate This may indicate that you don't have *all* the root CAs for the CAC card...can you verify that the issuer for your CAC certificate is in the SSLCACertificateFile? On Sun, Jun 1, 2014 at 11:47 PM, McGregor, Donald (Don) (CIV) <mcgr...@nps.edu> wrote: > > On Jun 1, 2014, at 6:18 AM, Steven Siebert <smsi...@gmail.com> wrote: > > > On Fri, May 30, 2014 at 12:00 AM, McGregor, Donald (Don) (CIV) > <mcgr...@nps.edu> wrote: >> >> ERR_SSL_P > > > > Can you provide the (sanitized) apache error_log when you try mutual auth? > > S > > > Using IE client on Windows 8.1: > > [Sun Jun 01 20:40:35 2014] [error] Certificate Verification: Error (20): > unable to get local issuer certificate > [Sun Jun 01 20:40:35 2014] [error] Re-negotiation handshake failed: Not > accepted by client!? > [Sun Jun 01 20:40:35 2014] [error] Re-negotiation handshake failed: Not > accepted by client!? > > Using Chrome client on Windows 8.1: > > [Sun Jun 01 20:42:10 2014] [error] Re-negotiation handshake failed: Not > accepted by client!? > [Sun Jun 01 20:42:15 2014] [error] Re-negotiation handshake failed: Not > accepted by client!? > [Sun Jun 01 20:42:26 2014] [error] Certificate Verification: Error (20): > unable to get local issuer certificate > [Sun Jun 01 20:42:26 2014] [error] Re-negotiation handshake failed: Not > accepted by client!? > > As I said, the standard https seems to work in non-CAC enabled directories. > From Chrome on OSX > for the lock icon: > > "The identity of this website has been verified by DOD CA-27 but does not > have public audit records." > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
