httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Ljungblad" <christopher.ljungb...@gmail.com>
Subject Re: [users@httpd] Client certificate - handshake failed
Date Tue, 08 Apr 2008 20:40:32 GMT
Thanks for quick reply Serge,

I'm still a bit confused and can not really address the problem, so

I also checked the ssl access_log where I got these 2 messages:

192.168.0.254 - - [08/Apr/2008:22:27:59 +0200] "POST
/servlets/nexus.seam?action=authenticate&client=nexus-personal_4 HTTP/1.1"
403 -

192.168.0.254 - - [08/Apr/2008:22:28:00 +0200] "POST
/servlets/nexus.seam?action=authenticate&client=nexus-personal_4 HTTP/1.1"
500 3012

And in my java code where I usually (using Tomcat and a keystore) can fetch
the certificates I got a null-pointer exception (certs is now null)

X509Certificate[] certs =
(X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");

How do I know that the Apache httpd correctly gets the certificates?
How do I fetch the certficate in my java application (Tomcat)?
Any other suggestions what is going wrong are highly appreciated.

Cheers
Chris



On Tue, Apr 8, 2008 at 9:54 PM, Serge Dubrouski <sergeyfd@gmail.com> wrote:

> Just ignore them, they are generated when client switches between
> locations with different SSLVerifyClient options set.
>
> On Tue, Apr 8, 2008 at 1:51 PM, Christopher Ljungblad
> <christopher.ljungblad@gmail.com> wrote:
> > Hi,
> > We are using Apache httpd 2.2.3 on Red hat linux and have a problem with
> our
> > client certificates.
> >
> > In the ssl.conf file we have a configured a Virtual Host that listens to
> > port 444 that requires the client to verify a certificate.
> >
> > <VirtualHost *:444>
> > <Location /servlets/*>
> >         SSLVerifyClient require
> >         SSLVerifyDepth 1
> >         SSLCACertificateFile /etc/pki/tls/certs/xxxxx_users.cer
> > </Location>
> >
> > This works out fine, the client certificate can be choosen in the
> browser
> > and I can fill in the password and click "ok".
> >  But the certificate is not validated correctly and the ssl_error log
> says:
> >
> > [Tue Apr 08 15:25:23 2008] [error] Re-negotiation handshake failed: Not
> > accepted by client!?
> >
> > What am I missing? I got this working in Tomcat using the exact same
> > certificate. Is there a way to keep the client certificate
> >  handling in Tomcat.
> >
> > Regards
> > /Christopher
> >
> >
>
>
>
> --
> Serge Dubrouski.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

<christopher.ljungblad@gmail.com>

Mime
View raw message