httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [users@httpd] Re-negotiation handshake failed
Date Thu, 15 Apr 2010 18:27:37 GMT
After I installed a certificate on my browser (tested on both IE and 
Firefox), I was able to access the site with client authentication.  I was 
expecting my browser to pop up a dialog and ask me for a certificate. 
However, it seems like the browser won't do so if I have no certificate 
installed on my browser.  Anyway, thanks for your help.

Kenneth Yeung

Serge Dubrouski <> 
04/15/2010 09:44 AM
Please respond to


Re: [users@httpd] Re-negotiation handshake failed

This message is normal. It says that server expected user certificate
but it wasn't presented by browser.

On Tue, Apr 13, 2010 at 5:31 PM,  <> wrote:
> Greeting!
> I'm having a problem on setting up client certificate on my test site on
> Apache 2.2.15/OpenSSL 0.9.8m on Windows XP.  I followed the "How-To"
> articles on mod_ssl (
>  When I browse the site, I got the following error message in the log:
> Re-negotiation handshake failed: Not accepted by client!?
> I read through the documentation.  I tried to turn 
> on and off, but no luck.  I attached the configuration of my virtual 
> hoping that you would point out anything that I've missed.  Oh, when I 
> that the site wasn't working, I was referring to my browser, which 
> an error page with the code: ssl_error_handshake_failure_alert, instead 
> asking me for a certificate.
> Thanks,
> Kenneth Yeung
> <VirtualHost *:10991>
>     ServerAdmin
>     DocumentRoot "C:/hosts-static/mysite/ROOT"
>     ServerName
>     ErrorLog "C:/hosts-static/mysite/log/ROOT-error.log"
>     CustomLog "C:/hosts-static/mysite/log/ROOT-access.log" common
>     SSLEngine on
>     SSLCipherSuite HIGH:MEDIUM
>     SSLCertificateFile "C:/Apache2.2/conf/ssl.crt/mysite.crt"
>     SSLCertificateKeyFile "C:/Apache2.2/conf/ssl.crt/mysite.key"
>     SSLInsecureRenegotiation on
>     <Directory C:/hosts-static/mysite/ROOT>
>             Order deny,allow
>             Allow from all
>         SSLVerifyClient require
>         SSLVerifyDepth 1
>         SSLCACertificateFile 
>     </Directory>
> </VirtualHost>

Serge Dubrouski.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message