Hi All,
I'd greatly appreciate any comments or insights about what might be happening here.
I set up Apache to accept SSL requests using a self-signed certificate. That appears to be working fine. However, I'm trying to have Apache accept and read a self-signed SSL client certificate according to the directives found at http://foaf.me/Enabling_SSL_Client_Certificates_on_Apache.php. Basically, the following directives are added to the Apache configuration:

    <Directory /usr/local/apache2.2/htdocs/test>
        SSLVerifyClient optional_no_ca
        SSLVerifyDepth 1
    </Directory>
It works as expected the first time a request is made to /test. The browser prompts the user to choose a certificate to use as identification. But when the browser is refreshed it returns a blank page. Then subsequent requests for any SSL pages return a blank page too.
If I wait a few minutes then make an ssl request, the browser will again prompt the user to choose a certificate and show the requested page correctly, but then resort to serving blank pages again with the same error log information. I'm guessing this has something to do with ssl caching??
The following is a snip from the error log on a failed request.
...
[debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: done
[info] Connection: Client IP: 173.45.244.85, Protocol: SSLv3, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[info] [client 173.45.244.85] SSL client authentication failed: unable to verify the first certificate
[info] [client 173.45.244.85] Connection closed to child 2 with abortive shutdown (server Orb71.com:443)
The complete log of the failed request can be found at: http://orb71.com/debug/

Thanks,
Paul
Server version: Apache/2.2.11 (Unix)
Server built: Feb 11 2009 00:57:57
Server's Module Magic Number: 20051115:21
Server loaded: APR 1.3.3, APR-Util 1.3.4
Compiled using: APR 1.3.3, APR-Util 1.3.4
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
...
OpenSSL 0.9.8c 05 Sep 2006
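As an added example (this is not the original poster's configuration, and it does not claim to resolve the behaviour described in the post), here is the same pair of directives placed in the virtual host context rather than inside a <Directory> block. In Apache 2.2 mod_ssl, SSLVerifyClient inside <Directory> or <Location> is applied by renegotiating the already-established connection on the first request that hits that path; at virtual host level the client certificate is requested during the initial handshake, which is a simpler exchange to debug with the error log at LogLevel debug. The hostname, DocumentRoot and certificate paths are placeholders.

```apache
# Added example, not the poster's config. Hostname and paths are placeholders.
Listen 443
<VirtualHost _default_:443>
    ServerName www.example.com:443
    DocumentRoot /usr/local/apache2.2/htdocs

    SSLEngine on
    SSLCertificateFile    /usr/local/apache2.2/conf/server.crt
    SSLCertificateKeyFile /usr/local/apache2.2/conf/server.key

    # Requested here, in the vhost context, the client certificate is part of
    # the initial TLS handshake. The same two directives inside <Directory>
    # instead trigger a renegotiation on the first request for that path.
    # optional_no_ca: the client may send a certificate, and one that does not
    # chain to a CA in SSLCACertificateFile is still accepted.
    SSLVerifyClient optional_no_ca
    SSLVerifyDepth  1

    # Export the certificate (SSL_CLIENT_CERT) and the verification outcome
    # (SSL_CLIENT_VERIFY) to CGI/scripting environments. With optional_no_ca
    # and an untrusted certificate, SSL_CLIENT_VERIFY is "GENEROUS", not
    # "SUCCESS", so the application must make the trust decision itself.
    SSLOptions +StdEnvVars +ExportCertData

    <Directory /usr/local/apache2.2/htdocs/test>
        # No SSL directives here; nothing forces a renegotiation for /test.
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

A way to observe the handshake from the client side without a browser is `openssl s_client -connect www.example.com:443 -cert client.pem -key client.key`, which prints the server's certificate request and the verify result; `openssl x509 -in client.pem -noout -subject -issuer` shows whether the client certificate's subject and issuer actually match, which is what OpenSSL means by self-signed.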