Hello Serge, I am using Apache 2.2.4 and IE 7. I imported the certificate in P12 format. Deval
From: "Serge Dubrouski" <sergeyfd@xxxxxxxxx> Reply-To: users@xxxxxxxxxxxxxxxx To: users@xxxxxxxxxxxxxxxx Subject: Re: Client Certificate authentication not working Date: Fri, 19 Jan 2007 17:06:08 -0700 What version of Apache do you use? There is a well known problem for this in Apache 2.0.XX (there is an unofficial patch for it but I didn't try it) and the only way to fix it is to upgrade to Apache 2.2.XX. On 1/19/07, DEVAL SHAH <devals9@xxxxxxxxxxx> wrote:Hello,Please help me I have been trying to get this working for 2 weeks now. Hereis the error: [debug] ssl_engine_kernel.c(426): Changed client verification type will force renegotiation [info] Requesting connection re-negotiation ...... ... [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client certificate B[debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read clientcertificate B [error] Re-negotiation handshake failed: Not accepted by client!? I created a local CA. Worked fine I have a trusted certificate from Thawte on Apache I created a client certificate using my local CA - worked well. CN = Deval Shah I imported the client certificate and CA certificate in IE. IE shows the certificate properly without any error. httpd-ssl.conf fileSSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt -> Points tocertificate from Thawte SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/devalCA.crt -> local CA that i created SSLVerifyDepth 10 <Location /testcerts/*> SSLOptions +ExportCertData +OptRenegotiate +StdEnvVars SSLVerifyClient require SSLRequire %{SSL_CLIENT_S_DN_CN} in {"Deval Shah"} </Location> Let me know what is wrong? Thanks Deval --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|