Hi all,
I have configured my Apache 2.4 to work on HTTPS. I generated a self-signed
certificate for my client with openssl (ootb config) and this works fine.
However, my goal is to add a few extensions to the self-signed
certificate (principal name). Therefore I added a few changes in the
openssl.cnf file:

[ v3_req ]
...
subjectAltName=@principal_names

[ principal_names ]
DNS.1 = test.com
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:test

When I import the certificate in IE I can properly see the fields that I added.
Also, if I set SSLVerifyClient optional_no_ca in the Apache config it will work.
The goal is to work with SSLVerifyClient require.
These are the commands I run to generate the certificate:

openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.pem
openssl req -x509 -days 365 -sha256 -key key.pem -in csr.pem -out cert.pem
openssl pkcs12 -export -in cert.pem -inkey key.pem -out server.p12
In the error log I get:

AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: 
AH02276: Certificate Verification: Error (18): self signed certificate [subject: 
 core_output_filter: flushing because of FLUSH bucket
OpenSSL: Write: SSLv3 read client certificate B
OpenSSL: Exit: error in error
 AH02008: SSL library error 1 in handshake 
SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed

I have enabled trace8 logging. Can you point me in the direction to overcome
this issue or enable more debugging?

Best Regards,
Gabi
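
Error (18) in the log above is OpenSSL's X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: the certificate presented is self-signed and is not among the verifier's trusted certificates. The script below is an added example, not part of the original message; it reproduces that result offline with `openssl verify` and shows the same certificate passing once it is supplied as a trust anchor, which is the role `SSLCACertificateFile` plays for mod_ssl client verification. The file names, the CN and the temporary directory are constructed, and a single `openssl req -x509 -newkey` call stands in for the three generation commands in the message.

```shell
#!/usr/bin/env bash
# Added example: reproduce verify error 18 for a self-signed client cert.
# Paths, CN and config file name are constructed for this sketch.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a self-signed cert carrying the SAN entries from the message.
make_cert() {
  cat > "$WORK/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt             = no
x509_extensions    = v3_req
[ dn ]
CN = test
[ v3_req ]
subjectAltName = @principal_names
[ principal_names ]
DNS.1     = test.com
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:test
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$WORK/san.cnf" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Print the SAN extension so the added fields can be checked.
show_san() {
  openssl x509 -in "$WORK/cert.pem" -noout -text |
    grep -A1 'Subject Alternative Name'
}

# Empty trust store: the verifier has no anchor for the cert (error 18).
verify_untrusted() {
  openssl verify -no-CAfile -no-CApath "$WORK/cert.pem" 2>&1
}

# Same cert supplied as its own trust anchor: verification succeeds.
verify_trusted() {
  openssl verify -no-CApath -CAfile "$WORK/cert.pem" "$WORK/cert.pem" 2>&1
}

make_cert
show_san
verify_untrusted
verify_trusted
```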
