|
hi all, we have a nexus multiid server for certificate authentication. i try to pass the client smartcard certificates from apache to tomcat server. the tomcat talks to the nexus and the authentication take effect. when i try to export the client ca certificate to the tomcat server i get the following errors: [Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error (20): unable to get local issuer certificate [Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: Not accepted by client!? @Firefox: (Fehlercode: ssl_error_unknown_ca_alert) this is my ssl configuration: <IfModule ssl_module> SSLVerifyClient none SSLVerifyDepth 5 #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth SSLOptions +ExportCertData #SSLCACertificateFile conf/ssl/Certificate.cer </IfModule> <Location /nexus> SSLVerifyClient require SSLVerifyDepth 5 #SSLCACertificateFile /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth SSLOptions +ExportCertData +StdEnvVars #SSLRequireSSL </Location> my jk.conf: JkExtractSSL On JkHTTPSIndicator HTTPS JkSESSIONIndicator SSL_SESSION_ID JkCIPHERIndicator SSL_CIPHER JkCERTSIndicator SSL_CLIENT_CERT JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT JkOptions +ForwardSSLCertChain i use apache 2.2.13-3 and openssl 0.9.8a. Any hints on what might have gone wrong will be highly useful. regards Tim |
|