httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Serge Dubrouski <serge...@gmail.com>
Subject Re: [users@httpd] Re-negotiation handshake failed
Date Thu, 15 Apr 2010 18:25:25 GMT
The window would pop-up if you had several certs installed in your browser
that could satisfy server's request. Since you have just one cert installed
browser sends it by default.

On Thu, Apr 15, 2010 at 12:27 PM, <KennethYeung@infoimageinc.com> wrote:

>
> After I installed a certificate on my browser (tested on both IE and
> Firefox), I was able to access the site with client authentication.  I was
> expecting my browser to pop up a dialog and ask me for a certificate.
>  However, it seems like the browser won't do so if I have no certificate
> installed on my browser.  Anyway, thanks for your help.
>
> Kenneth Yeung
>
>
>
>  *Serge Dubrouski <sergeyfd@gmail.com>*
>
> 04/15/2010 09:44 AM
>  Please respond to
> users@httpd.apache.org
>
>   To
> users@httpd.apache.org
> cc
>   Subject
> Re: [users@httpd] Re-negotiation handshake failed
>
>
>
>
> This message is normal. It says that server expected user certificate
> but it wasn't presented by browser.
>
> On Tue, Apr 13, 2010 at 5:31 PM,  <KennethYeung@infoimageinc.com> wrote:
> >
> > Greeting!
> >
> > I'm having a problem on setting up client certificate on my test site on
> > Apache 2.2.15/OpenSSL 0.9.8m on Windows XP.  I followed the "How-To"
> > articles on mod_ssl (http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
> ).
> >  When I browse the site, I got the following error message in the log:
> >
> > Re-negotiation handshake failed: Not accepted by client!?
> >
> > I read through the documentation.  I tried to turn
> SSLInsecureRenegotiation
> > on and off, but no luck.  I attached the configuration of my virtual
> host,
> > hoping that you would point out anything that I've missed.  Oh, when I
> said
> > that the site wasn't working, I was referring to my browser, which
> displays
> > an error page with the code: ssl_error_handshake_failure_alert, instead
> of
> > asking me for a certificate.
> >
> > Thanks,
> >
> > Kenneth Yeung
> >
> >
> > <VirtualHost *:10991>
> >     ServerAdmin mysite@mycompany.com
> >     DocumentRoot "C:/hosts-static/mysite/ROOT"
> >     ServerName mysite.mycompany.com
> >     ErrorLog "C:/hosts-static/mysite/log/ROOT-error.log"
> >     CustomLog "C:/hosts-static/mysite/log/ROOT-access.log" common
> >
> >     SSLEngine on
> >     SSLCipherSuite HIGH:MEDIUM
> >     SSLCertificateFile "C:/Apache2.2/conf/ssl.crt/mysite.crt"
> >     SSLCertificateKeyFile "C:/Apache2.2/conf/ssl.crt/mysite.key"
> >
> >     SSLInsecureRenegotiation on
> >
> >     <Directory C:/hosts-static/mysite/ROOT>
> >             Order deny,allow
> >             Allow from all
> >
> >         SSLVerifyClient require
> >         SSLVerifyDepth 1
> >         SSLCACertificateFile
> "C:/Apache2.2/conf/ssl.crt/self_signed_ca.crt"
> >
> >     </Directory>
> >
> > </VirtualHost>
>
>
>
> --
> Serge Dubrouski.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>


-- 
Serge Dubrouski.

Mime
View raw message