"ssl_error_handshake_failure_alert" when trying to connect to an apache+modssl subdir with a unique SSL cert ?

(modssl-user list, and its -owner email are refusing any/all mail.
sigh.  @#httpd suggested this is the 'right' forum ...)

hi,

i'm trying to set up modssl-based, unique SSL certificate
authentication for a subdirectory @ a shared-host.

atm, my setup returns a Server error of,

	ssl_error_handshake_failure_alert

here's what i've done so far ...

locally, i've created a client cert, signed by my own CA.

on my local desktop, verifying,

	cd /Users/pgn/ssl
	openssl verify -verbose \
	 -CAfile myCA.cert.rsa.pem \
	 -purpose sslclient \
	 mydomain.com.cert.rsa.pem

returns,

	mydomain.com.cert.rsa.pem: OK

i convert that verified cert in .pkcs12,

	openssl pkcs12 -export \
	-in     mydomain.com.cert.rsa.pem \
	-inkey  mydomain.com.privkey.rsa.pem \
	-out    mydomain.com.cert.rsa.pkcs12
		Enter Export Password: ###
		Verifying - Enter Export Password: ###

and import it, successfully, into my local Firefox instance.

i copy my CA cert from local machine to remote host,

	scp \
	myCA.cert.rsa.pem \
	my_remote_user@xxxxxxxxxxxx:/home/pgn/ssl/myCA.cert.rsa.pem

and rehash,

	ssh -l my_remote_user mydomain.com \
	"c_rehash /home/pgn/ssl/"


checking the results @ remote host,

	cd /home/pgn/ssl
	ls -al
		lrwxrwxrwx 1 my_remote_user my_group   30 2009-06-16 10:19 18e1fe7b.0 -> myCA.cert.rsa.pem
		-rw-r--r-- 1 my_remote_user my_group 2451 2009-06-16 10:19 myCA.cert.rsa.pem

next, in a subdir @ my host, i've

	cat $HOME/(... path to webroot ...)/test/.htaccess
	
		SSLCipherSuite HIGH:MEDIUM
		SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
		deny from all
		allow from xx.xx.xx.xx/29
		
		SSLVerifyClient      require
		SSLVerifyDepth       1
		SSLCACertificateFile "/home/pgn/ssl/myCA.cert.rsa.pem"
		SSLCACertificatePath "/home/pgn/ssl"
		SSLOptions           +OptRenegotiate +StdEnvVars
		SSLRequireSSL
		Options +Indexes

but, @ browser nav to:

	https://mydomain.com/test/

i get a browser error,

	Secure Connection Failed
		An error occurred during a connection to www.mydomain.com.
		SSL peer was unable to negotiate an acceptable set of security parameters.
		(Error code: ssl_error_handshake_failure_alert)

&, @ apache error.log,

	==> /home/pgn/logs/mydomain.com/https/error.log <==
	[Tue Jun 16 10:35:12 2009] [error] Re-negotiation handshake failed: Not accepted by client!?
	[Tue Jun 16 10:35:12 2009] [error] Re-negotiation request failed


reading around, i presume this is _supposed_ to work, so, likely i've
missed, or configured, something :-/

any suggestions as to what the prob is ?

thanks!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
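
Added example, not part of the original post: a Python lint that checks the .htaccess quoted above against the Context listed for each directive in the mod_ssl directive reference, and marks the directives that can renegotiate the connection when set per-directory (the step the error.log reports as failing). The table covers only the directives in the post; MOD_SSL and lint_htaccess are names made up for this example.

```python
# Added example (not from the original post): lint the mod_ssl directives in a
# .htaccess against the "Context" each has in the mod_ssl directive reference.

# name -> (allowed in .htaccess, renegotiates when set per-directory)
MOD_SSL = {
    "sslciphersuite":       (True,  True),
    "sslverifyclient":      (True,  True),
    "sslverifydepth":       (True,  True),
    "sslrequire":           (True,  False),
    "sslrequiressl":        (True,  False),
    "ssloptions":           (True,  False),
    "sslcacertificatefile": (False, False),  # server config, virtual host only
    "sslcacertificatepath": (False, False),  # server config, virtual host only
}

# Constructed sample: the .htaccess body quoted in the post.
SAMPLE = """\
SSLCipherSuite HIGH:MEDIUM
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
deny from all
allow from xx.xx.xx.xx/29

SSLVerifyClient      require
SSLVerifyDepth       1
SSLCACertificateFile "/home/pgn/ssl/myCA.cert.rsa.pem"
SSLCACertificatePath "/home/pgn/ssl"
SSLOptions           +OptRenegotiate +StdEnvVars
SSLRequireSSL
Options +Indexes
"""

def lint_htaccess(text):
    """Return (line number, directive, finding) for each flagged SSL directive."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        name, key = fields[0], fields[0].lower()  # names are case-insensitive
        if not key.startswith("ssl"):
            continue  # deny/allow/Options are outside this table
        if key not in MOD_SSL:
            findings.append((lineno, name, "not in table"))
            continue
        allowed, renegotiates = MOD_SSL[key]
        if not allowed:
            findings.append((lineno, name, "not valid in .htaccess"))
        elif renegotiates:
            findings.append((lineno, name, "renegotiates per-directory"))
    return findings
```

Calling lint_htaccess(SAMPLE) reports the three per-directory directives that can renegotiate and the two CA directives that belong in the server or virtual host configuration.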

