Re: [users] Re: CAC Card Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

What version of OpenSSL are you running? I normally wouldn't be
concerned about a bug in an older version of OpenSSL...but I can
fathom people downgrading to pre-heartbleed versions to "be sure" its
safe.

>> [Sun Jun 01 20:42:26 2014] [error] Certificate Verification: Error (20): unable to get local issuer certificate

This may indicate that you don't have *all* the root CAs for the CAC
card...can you verify that the issuer for your CAC certificate is in
the SSLCACertificateFile?





On Sun, Jun 1, 2014 at 11:47 PM, McGregor, Donald (Don) (CIV)
<mcgredo@xxxxxxx> wrote:
>
> On Jun 1, 2014, at 6:18 AM, Steven Siebert <smsiebe@xxxxxxxxx> wrote:
>
>
> On Fri, May 30, 2014 at 12:00 AM, McGregor, Donald (Don) (CIV)
> <mcgredo@xxxxxxx> wrote:
>>
>> ERR_SSL_P
>
>
>
> Can you provide the (sanitized) apache error_log when you try mutual auth?
>
> S
>
>
> Using IE client on Windows 8.1:
>
> [Sun Jun 01 20:40:35 2014] [error] Certificate Verification: Error (20):
> unable to get local issuer certificate
> [Sun Jun 01 20:40:35 2014] [error] Re-negotiation handshake failed: Not
> accepted by client!?
> [Sun Jun 01 20:40:35 2014] [error] Re-negotiation handshake failed: Not
> accepted by client!?
>
> Using Chrome client on Windows 8.1:
>
> [Sun Jun 01 20:42:10 2014] [error] Re-negotiation handshake failed: Not
> accepted by client!?
> [Sun Jun 01 20:42:15 2014] [error] Re-negotiation handshake failed: Not
> accepted by client!?
> [Sun Jun 01 20:42:26 2014] [error] Certificate Verification: Error (20):
> unable to get local issuer certificate
> [Sun Jun 01 20:42:26 2014] [error] Re-negotiation handshake failed: Not
> accepted by client!?
>
> As I said, the standard https seems to work in non-CAC enabled directories.
> From Chrome on OSX
> for the lock icon:
>
> "The identity of this website has been verified by DOD CA-27 but does not
> have public audit records."
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux