"OCSP_basic_verify:root ca not trusted" error on Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: "OCSP_basic_verify:root ca not trusted" error on Apache
From: Luis Neves <luisneves@xxxxxxxxxxx>
Date: Tue, 20 Jul 2010 07:46:20 +0000
Importance: Normal
In-reply-to: <COL110-W293EEDD705708362D41C4BA7BF0@xxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Hi to all

I am trying to validade client Certs using Apache and a OCSP responder. Iam having this error on error log:

(I can successfully validate the cert if using openssl command line, but not using Apache)

[Fri Jul 16 16:02:11.201292 2010] [debug] [pid 21789] proxy_util.c(1962): proxy: initialized single connection worker 1 in child 21789 for (*)
[Fri Jul 16 16:02:27.399755 2010] [debug] [pid 21783] ssl_util_ocsp.c(79): [client 10.14.148.50:54752] connecting to OCSP responder 'ocsp.auc.cartaodecidadao.pt'
[Fri Jul 16 16:02:27.614470 2010] [debug] [pid 21783] ssl_util_ocsp.c(105): [client 10.14.148.50:54752] sending request to OCSP responder
[Fri Jul 16 16:02:28.566401 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Date: Fri, 16 Jul 2010 14:51:24 GMT
[Fri Jul 16 16:02:28.566469 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Server: Apache
[Fri Jul 16 16:02:28.566505 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA
(build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
[Fri Jul 16 16:02:28.566542 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Expires: Fri, 16 Jul 2010 14:53:24 GMT
[Fri Jul 16 16:02:28.566576 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Cache-Control: max-age=120
[Fri Jul 16 16:02:28.566617 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Content-Length: 2530
[Fri Jul 16 16:02:28.566643 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Connection: close
[Fri Jul 16 16:02:28.566682 2010] [debug] [pid 21783] ssl_util_ocsp.c(209): [client 10.14.148.50:54752] OCSP response header: Content-Type: application/ocsp-response
[Fri Jul 16 16:02:28.566720 2010] [debug] [pid 21783] ssl_util_ocsp.c(252): [client 10.14.148.50:54752] OCSP response: got 1127 bytes, 1127 total
[Fri Jul 16 16:02:28.569926 2010] [debug] [pid 21783] ssl_util_ocsp.c(252): [client 10.14.148.50:54752] OCSP response: got 1403 bytes, 2530 total
[Fri Jul 16 16:02:28.569991 2010] [debug] [pid 21783] ssl_util_ocsp.c(235): [client 10.14.148.50:54752] OCSP response: got EOF
[Fri Jul 16 16:02:28.578764 2010] [error] [pid 21783] SSL Library Error: error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted
[Fri Jul 16 16:02:28.578810 2010] [error] [pid 21783] failed to verify the OCSP response
[Fri Jul 16 16:02:28.578927 2010] [error] [pid 21783] [client 10.14.148.50:54752] Certificate Verification: Error (50): application verification failure

Hotmail: Trusted email with powerful SPAM protection. Sign up now.

Prev by Date: AccessFileName not allowed here
Next by Date: Re: AccessFileName not allowed here
Previous by thread: AccessFileName not allowed here
Next by thread: mailshell and other connections from httpd.exe
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]