From: "Brian Rook"
Date: Thu, 09 Dec 2004 15:43:46 -0700
Subject: Re: [users@httpd] client cert authentication problem

Forgot to add my error log information in the last email:

[Thu Dec 09 10:51:04 2004] [error] Certificate Verification: Error (18): self signed certificate
[Thu Dec 09 10:51:04 2004] [error] SSL handshake failed (server dev.childsupport.state.co.us:443, client 165.127.154.64)
[Thu Dec 09 10:51:04 2004] [error] SSL Library Error: 336105650 error:140890B2:lib(20):func(137):reason(178)
[Thu Dec 09 10:52:19 2004] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?]
[Thu Dec 09 10:52:20 2004] [error] SSL handshake failed (server dev.childsupport.state.co.us:443, client 165.127.158.212)
[Thu Dec 09 10:52:20 2004] [error] SSL Library Error: 336105671 error:140890C7:lib(20):func(137):reason(199)

This is what the last entry looked like. Looks like Apache _is_ trying to do some sort of certificate validation.

>>> jorton@redhat.com 12/9/2004 1:20:27 PM >>>
On Thu, Dec 09, 2004 at 10:34:09AM -0700, Brian Rook wrote:
> Hello,
>
> I added the following lines to my virtual host
>
>
> ServerName dev.childsupport.state.co.us
> SSLEngine on
> *> SSLVerifyClient require
> *> SSLVerifyDepth 10
> SSLCertificateFile conf/ssl.crt/myserver.crt
> SSLCertificateKeyFile conf/ssl.key/myserver.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
> ProxyRemote /* http://myserver:8080/
> ProxyPass / http://myserver:8080/
> ProxyPassReverse / http://myserver:8080/
>

You also have to configure the set of trusted CAs for you have issued client certificates, using SSLCACertificateFile and ...Path - have you done that?

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslcacertificatefile

What does the server error_log say?

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
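
Added example, not part of the original thread: a small triage script that decodes the two handshake failures in the error_log above. It unpacks the "SSL Library Error" number into lib/func/reason and pairs it with the preceding verification error. The symbol names are the ones defined in OpenSSL 0.9.x/1.0.x headers for the codes seen here; the function names and the wording of the diagnoses are assumptions of this example.

```python
import re

# Sample input: the mod_ssl error_log lines quoted in the message above.
SAMPLE_LOG = """\
[Thu Dec 09 10:51:04 2004] [error] Certificate Verification: Error (18): self signed certificate
[Thu Dec 09 10:51:04 2004] [error] SSL handshake failed (server dev.childsupport.state.co.us:443, client 165.127.154.64)
[Thu Dec 09 10:51:04 2004] [error] SSL Library Error: 336105650 error:140890B2:lib(20):func(137):reason(178)
[Thu Dec 09 10:52:19 2004] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?]
[Thu Dec 09 10:52:20 2004] [error] SSL handshake failed (server dev.childsupport.state.co.us:443, client 165.127.158.212)
[Thu Dec 09 10:52:20 2004] [error] SSL Library Error: 336105671 error:140890C7:lib(20):func(137):reason(199)
"""

# Symbol names as defined in OpenSSL 0.9.x/1.0.x headers; only codes seen above.
X509_ERRORS = {18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT"}
SSL_REASONS = {178: "SSL_R_NO_CERTIFICATE_RETURNED",
               199: "SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE"}

def unpack(code):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log):
    """Group log lines per failed handshake and attach a diagnosis."""
    findings, x509, client = [], None, None
    for line in log.splitlines():
        if m := re.search(r"Certificate Verification: Error \((\d+)\)", line):
            x509 = int(m.group(1))
        elif m := re.search(r"SSL handshake failed \(server \S+ client ([\d.]+)", line):
            client = m.group(1)
        elif m := re.search(r"SSL Library Error: (\d+) error:([0-9A-Fa-f]{8}):", line):
            code = int(m.group(1))
            if code != int(m.group(2), 16):
                raise ValueError("decimal and hex error codes disagree: " + line)
            _lib, _func, reason = unpack(code)
            if x509 == 18:
                why = "self-signed client cert is not in the server's trusted CA set"
            elif reason == 199:
                why = "client sent no certificate at all"
            else:
                why = "unclassified"
            findings.append({"client": client, "x509": X509_ERRORS.get(x509),
                             "reason": SSL_REASONS.get(reason), "why": why})
            x509, client = None, None  # the library error closes this handshake
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The first failure is a client that did present a certificate, which the server rejected because nothing in its trust configuration (SSLCACertificateFile / SSLCACertificatePath) covers it; the second is a different client that sent no certificate.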