On Mon, Aug 2, 2010 at 10:31 AM, Tina Exner <texner@xxxxxxxxxxxxxx> wrote:
> hi all,
>
> we have a nexus multiid server for certificate authentication.
> i try to pass the client smartcard certificates from apache to tomcat
> server.
> the tomcat talks to the nexus and the authentication take effect.
>
> when i try to export the client ca certificate to the tomcat server
> i get the following errors:
>
> [Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error
> (20): unable to get local issuer certificate
> [Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed:
> Not accepted by client!?

Wouldn't that mean an error between Apache and the browser, not tomcat?

>
> @Firefox:
> (Fehlercode: ssl_error_unknown_ca_alert)

Wouldn't that mean an error between Apache and the browser, not tomcat?

> <Location /nexus>
> SSLVerifyClient require
> SSLVerifyDepth 5

Can you test without per-directory client certificate requests /
renegotiation? Awfully complicated subject after CVE-2009-3555.

--
Eric Covener
covener@xxxxxxxxx
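
One way to set up the test suggested in the reply above, as an added example that is not part of the original thread: client verification is moved from the `<Location /nexus>` block to the virtual host, so the certificate is requested in the initial handshake and no renegotiation is needed. The host name, file paths and the `SSLOptions` line are assumptions; only `/nexus`, `SSLVerifyClient require` and `SSLVerifyDepth 5` come from the thread.

```apache
# Added example. Host name and file paths are placeholders (assumptions).
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # CA certificates used to verify client (smartcard) certificates.
    # Verification error 20, "unable to get local issuer certificate",
    # is reported when the issuer of a presented certificate cannot be
    # found in this trusted set, so the file should hold the issuing CA
    # and any intermediates up to the root.
    SSLCACertificateFile  /path/to/client-ca-chain.pem

    # Request the client certificate for the whole virtual host, during
    # the first handshake. Values are the ones quoted in the thread.
    SSLVerifyClient require
    SSLVerifyDepth  5

    <Location /nexus>
        # No SSLVerifyClient here. A per-directory setting that is
        # stricter than the virtual host's makes mod_ssl renegotiate
        # after it has read the request, which is the step that failed
        # in the quoted log.
        # Assumption: the backend reads the certificate from the SSL
        # environment variables (SSL_CLIENT_CERT and friends).
        SSLOptions +StdEnvVars +ExportCertData
    </Location>
</VirtualHost>
```

If the handshake still fails with this layout, renegotiation is ruled out and the trust chain in `SSLCACertificateFile` is the next thing to check.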