Hi all,
I have configured my Apache 2.4 to work on HTTPS. I generated a self-signed certificate for my client with openssl (ootb config) and this works fine.
However, my goal is to add a few extensions to the self-signed certificate (principal name). Therefore I added a few changes in the openssl.cnf file:
[ v3_req]
...
subjectAltName=@principal_names
[ principal_names]
DNS.1 = test.com
otherName= 1.3.6.1.4.1.311.20.2.3;UTF8:test
When I import the certificate in IE I can properly see the fields that I added. Also, if I set SSLVerifyClient optional_no_ca in the Apache config it will work. The goal is to work with SSLVerifyClient require.
These are the commands I run to generate the certificate.
openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.pem
openssl req -x509 -days 365 -sha256 -key key.pem -in csr.pem -out cert.pem
openssl pkcs12 -export -in cert.pem -inkey key.pem -out server.p12
In the error log I get:
AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject:
AH02276: Certificate Verification: Error (18): self signed certificate [subject:
core_output_filter: flushing because of FLUSH bucket
OpenSSL: Write: SSLv3 read client certificate B
OpenSSL: Exit: error in error
AH02008: SSL library error 1 in handshake
SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
I have enabled trace8 logging. Can you point me in the right direction to overcome this issue or enable more debugging?
Best Regards,
Gabi
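
An added example, not part of the original post: the script below reproduces verification error 18 outside Apache with `openssl verify`, using a certificate built with the SAN entries from the post, and then verifies the same certificate with itself supplied as the trust anchor. The file names, the subject `CN = test`, the single-step `req -x509` invocation and the temporary directory are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: reproduce "error 18" for a self-signed certificate outside Apache.
# demo.cnf, the CN and the temp directory are constructed for this demo.

# Build a self-signed certificate carrying the SAN entries shown in the post.
make_cert() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = test
[ v3_req ]
subjectAltName = @principal_names
[ principal_names ]
DNS.1 = test.com
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:test
EOF
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null &&
    openssl req -x509 -new -sha256 -days 365 -key "$dir/key.pem" \
        -config "$dir/demo.cnf" -extensions v3_req -out "$dir/cert.pem"
}

# No trust anchor covers this certificate: verification fails with error 18.
verify_untrusted() {
    openssl verify "$1/cert.pem" 2>&1
}

# The certificate itself is supplied as the trust anchor: verification succeeds.
verify_trusted() {
    openssl verify -CAfile "$1/cert.pem" "$1/cert.pem" 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" || return 1
    echo "untrusted: $(verify_untrusted "$d")"
    echo "trusted:   $(verify_trusted "$d")"
    rm -rf "$d"
}

demo
```

In mod_ssl the trust anchors used to verify client certificates come from SSLCACertificateFile or SSLCACertificatePath.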