Apache 2.4 Certificate Verification: Error (18): self signed certificate

Hi all,

I have configured my Apache 2.4 to work on HTTPS. I generated a self-signed certificate for my client with openssl (ootb config) and this works fine.

However, my goal is to add a few extensions to the self-signed certificate (principal name). Therefore I made a few changes in the openssl.cnf file:

[ v3_req]
...
subjectAltName=@principal_names

[ principal_names]
DNS.1 = test.com
otherName= 1.3.6.1.4.1.311.20.2.3;UTF8:test

When I import the certificate in IE I can properly see the fields that I added. Also, if I set SSLVerifyClient optional_no_ca in the Apache config it will work. The goal is to work with SSLVerifyClient require.

These are the commands I run to generate the certificate.
openssl genrsa -out key.pem 2048
openssl req -new -sha256  -key key.pem -out csr.pem
openssl req -x509 -days 365 -sha256 -key key.pem -in csr.pem -out cert.pem
openssl pkcs12 -export -in cert.pem -inkey key.pem -out server.p12

In the error log I get:
AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: 
AH02276: Certificate Verification: Error (18): self signed certificate [subject: 
 core_output_filter: flushing because of FLUSH bucket
OpenSSL: Write: SSLv3 read client certificate B
OpenSSL: Exit: error in error
 AH02008: SSL library error 1 in handshake 
SSL Library Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed

I have enabled trace8 logging. Can you point me in the right direction to overcome this issue or enable more debugging?

Best Regards,
Gabi
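
Error 18 is OpenSSL's X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, and it can be reproduced outside Apache with `openssl verify`. The script below is an added example, not part of the original post; the subject name and file names are constructed. It verifies a throwaway self-signed certificate first without a trust anchor and then with the certificate itself supplied as the trust anchor.

```shell
#!/bin/sh
# Added example: reproduce "error 18" with a constructed self-signed cert.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Generate a throwaway key and self-signed certificate (constructed subject).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=demo-client" \
        -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null
}

# Print "ok", the X509 verify error number openssl reports, or "unknown".
# Arguments are passed through as extra options to `openssl verify`.
verify_result() {
    out=$(openssl verify "$@" "$workdir/cert.pem" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then
        echo ok
    else
        echo unknown
    fi
}

make_selfsigned
# The certificate is in no trust store, so the chain ends at depth 0.
echo "no trust anchor:      $(verify_result)"
# Supplying the certificate itself as the CA file makes it a trust anchor.
echo "cert as trust anchor: $(verify_result -CAfile "$workdir/cert.pem")"
```

mod_ssl takes its trust anchors for client certificates from SSLCACertificateFile and SSLCACertificatePath.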
