httpd-users mailing list archives

From Tina Exner <tex...@picturesafe.de>
Subject [users@httpd] Export CACertificate to Tomcat
Date Mon, 02 Aug 2010 14:31:25 GMT
Hi all,

We have a Nexus multiid server for certificate authentication.
I try to pass the client smartcard certificates from Apache to the Tomcat server.
Tomcat talks to the Nexus and the authentication takes effect.

When I try to export the client CA certificate to the Tomcat server, I get the following errors:

[Mon Aug 02 15:36:40 2010] [error] [client] Certificate Verification: Error (20): unable to get local issuer certificate
[Mon Aug 02 15:36:40 2010] [error] [client] Re-negotiation handshake failed: Not accepted by client!?

@Firefox:
(Fehlercode: ssl_error_unknown_ca_alert)


This is my SSL configuration:

<IfModule ssl_module>
    SSLVerifyClient none
    SSLVerifyDepth 5

    #SSLOptions +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
    SSLOptions +ExportCertData

    #SSLCACertificateFile conf/ssl/Certificate.cer

</IfModule>

<Location /nexus>
    SSLVerifyClient         require
    SSLVerifyDepth          5

    #SSLCACertificateFile    /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
    #SSLOptions             +ExportCertData +StrictRequire +StdEnvVars +FakeBasicAuth
    SSLOptions              +ExportCertData +StdEnvVars
    #SSLRequireSSL
</Location>


My jk.conf:

   JkExtractSSL          On
   JkHTTPSIndicator      HTTPS
   JkSESSIONIndicator    SSL_SESSION_ID
   JkCIPHERIndicator     SSL_CIPHER
   JkCERTSIndicator      SSL_CLIENT_CERT
   JkEnvVar              SSL_CLIENT_CERT SSL_CLIENT_CERT
   JkOptions             +ForwardSSLCertChain


I use Apache 2.2.13-3 and OpenSSL 0.9.8a.

Any hints on what might have gone wrong will be highly useful.

Regards
Tim
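
Added example (not part of the original message, and not the poster's or the httpd project's code): a small lint for a configuration like the one quoted above. OpenSSL verification error 20 means the issuer of a presented certificate was not found among the locally trusted CAs, so the check flags SSLVerifyClient require/optional when no SSLCACertificateFile or SSLCACertificatePath is active, and flags those two directives inside per-directory sections, where mod_ssl does not accept them. The names lint and SAMPLE, the constructed sample text and the single-scope simplification are assumptions of this example.

```python
import re

# Constructed sample, modelled on the configuration quoted in the message.
SAMPLE = """\
<IfModule ssl_module>
    SSLVerifyClient none
    SSLOptions +ExportCertData
    #SSLCACertificateFile conf/ssl/Certificate.cer
</IfModule>
<Location /nexus>
    SSLVerifyClient require
    #SSLCACertificateFile /ps/apache2.2/testsystem1/conf/ssl/Certificate.crt
    SSLOptions +ExportCertData +StdEnvVars
</Location>
"""

CA_DIRECTIVES = {"sslcacertificatefile", "sslcacertificatepath"}
VERIFYING = {"require", "optional"}  # optional_no_ca does not need a valid chain
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}

def lint(conf_text):
    """Return sorted (line_no, message) findings. Simplification (assumption):
    the main server and all virtual hosts are treated as a single scope."""
    stack, verifying, ca_seen, findings = [], [], False, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        m = re.match(r"<(/?)(\w+)", line)
        if m:  # section open/close; only per-directory sections change context
            if m.group(2).lower() in PER_DIR:
                if not m.group(1):
                    stack.append(m.group(2))
                elif stack:
                    stack.pop()
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name == "sslverifyclient" and args and args[0].lower() in VERIFYING:
            verifying.append(no)
        elif name in CA_DIRECTIVES and stack:
            findings.append((no, f"{parts[0]} is not allowed inside <{stack[-1]}>"))
        elif name in CA_DIRECTIVES:
            ca_seen = True
    if not ca_seen:
        findings += [(no, "SSLVerifyClient needs a CA bundle, none is active")
                     for no in verifying]
    return sorted(findings)
```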

