SSL library error 1 in handshake
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hello all,
I have a debian os running Apache 2.2.16(debian) along with tomcat
6.0.29. I use mod_jk as well as mod_auth_kerb module for apache. Apache and the modules are debian repository packages.
I recently attempted to activate common access cards and if I just activate them but do not force them it works great.
Once I force access cards, I get the following error and my web-apps break.
Force access cards via:
SSLVerifyClient require
SSLVerifyDepth 2
info level logging error.log:
[Tue Jan 18 14:47:07 2011] [info] [client 127.0.1.1] SSL library error 1 in handshake (server myserver.xxx.xxx.xxx:443)
[Tue Jan 18 14:47:07 2011] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
The web-app that throws this message uses a python proxy to make an ajax call to a different web context (we do this to avoid the cross site error).
I believe what is happening is that the python script [client 127.0.1.1] is making the request to apache without valid client certs and hence is getting denied.
I have a directive in apache2_home/sites-enabled/default-ssl conf file that I had hoped would solve this issue(however it does not).
directive in default-ssl conf file
Allow from localhost
Allow from 127.0.1.1
Allow from 127.0.0.1
Is there a solution to this issue?
Perhaps a way to not require client cert from localhost?
Thanks for any advice, much appreciated!
Cheers,
ÂG40
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
