httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jose Correia (J)" <>
Subject [users@httpd] apache and client certificates
Date Tue, 17 Sep 2002 13:43:14 GMT
Hi all

Is anyone aware of Apache version 1.3.20 having problems with client

I've created my own CA created using openssl (vs 0.9.6a). I then
created and signed my server certificate with the CA using openssl.
(apache is on a RH Linux 6.2 machine)

I then created a client public key using Java's keytool (from my
Win2000 client machine). I then took this key and signed it with my CA
using openssl which I duly converted into DER format. I then imported
my CA's certificate in my JSSE keystore plus the now created client
certificate which replaces the previous public key.

In my Apache I mention these:
SSLCertificateFile /jose/CA2/server.crt
SSLCertificateKeyFile /jose/CA2/server.key
SSLCACertificateFile /jose/CA2/demoCA/cacert.pem
SSLVerifyClient require
SSLVerifyDepth  10

When I connect, I'm getting the following on ssl_engine.log

"[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server, client (OpenSSL library error
[17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown"

and from my Java client I'm getting:

"main, SEND SSL v3.1 ALERT:  fatal, description = certificate_unknown
main, WRITE:  SSL v3.1 Alert, length = 2 peer not authenticated"

Hence my confusion since I know my client certificate was signed by
the CA mentioned in apache httpd.conf... :-(

Anyone got a clue? I've searched extensevily...

Thanks a lot
Jose Correia

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message