httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julien ALLANOS <>
Subject [users@httpd] SSLv3 authentication with Apache2 and mod_ssl
Date Fri, 09 Sep 2005 15:57:38 GMT

I have the following certificates structure:

caroot (self-signed cert)
   |-----------------> ca1 -------------> user1
   |-----------------> ca2 -------------> user2
   |-----------------> ca3 -------------> server
   \-----------------> user3

user4 (self-signed cert)

I want to give access to users with a valid certificate, and deny access to
others. In this situation, a valid certificate is a certificate issued by ca1.
Then, only user1 is authorized to access pages from Apache; user2 and user3
must be refused. From what I've understood, there is no way to deny access to
user4, as it has a self-signed certificate.

In short, here is my config:

SSLCertificateFile server.pem
SSLCertificateKeyFile server.key
SSLCertificateChainFile caroot-ca3.pem

SSLCACertificateFile ca1.pem
SSLVerifyClient require
SSLVerifyDepth 1

When I try to access a protected resource with Firefox, where the certificate
from user1 has been imported, I get the following:

[error] Certificate Verification: Error (20): unable to get local issuer
[info] SSL library error 1 in handshake
[info] SSL Library Error: 336105650 error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Can anyone highlight my mistakes please? I really need to get it working.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message