httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Neves <luisne...@hotmail.com>
Subject RE: [users@httpd] SSLCACertificatePath breaks something
Date Wed, 04 Aug 2010 16:32:44 GMT

Sorry, back to original question

When I use a certain third-party mod_sso.so in apache, SSLCACertificatePath and SSLCACertificateFile
are not used because the specific module has his own equivalents.

so my first problem remains:

Using Apache 2.2.3 or later, and mod_sso.so bundled with them

When I use SSLCACertificatePath I get this errors in the logs and cannot access my protected
page:

[Wed Aug 04 13:48:34.257972 2010] [error] [pid 3134] [client 
10.15.1.74:48696] Certificate Verification: Error (20): unable to get 
local issuer certificate
[Wed Aug 04 13:48:34.258299 2010] [info] 
[pid 3134] [client 10.15.1.74:48696] SSL library error 1 in handshake 
(server beehive.cm-lisboa.net:443)
[Wed Aug 04 13:48:34.258412 2010] 
[info] [pid 3134] SSL Library Error: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Thanks
Luis Neves

From: luisneves@hotmail.com
To: users@httpd.apache.org
Date: Wed, 4 Aug 2010 16:09:35 +0000
Subject: RE: [users@httpd] SSLCACertificatePath breaks something








Well, I said an error

It happens even using Apache 2.2.3

The only way it works ok is using a third-party mod_sso.so

So, must be some kind of mod_sso bug

Luis
From: luisneves@hotmail.com
To: users@httpd.apache.org
Date: Wed, 4 Aug 2010 15:59:13 +0000
Subject: RE: [users@httpd] SSLCACertificatePath breaks something








New info:

I only have this error in a compiled Apache 2.3.6

If I make the same test on the already existing Apache (httpd-2.2.3-6.el5) then I dont get
 any problems using 
SSLCACertificatePath instead of SSLCACertificateFile

Luis
From: luisneves@hotmail.com
To: users@httpd.apache.org
Date: Wed, 4 Aug 2010 15:40:47 +0000
Subject: [users@httpd] SSLCACertificatePath breaks something








Hi to all,

if in apache I use in 
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
I dont have any errors regarding the client certificate

If I change it to
SSLCACertificatePath /usr/local/apache2/conf/certs
(and comment the SSLCACertificateFile line)

where certs is the folder where I have all the individual PEM certificates and symbolic links
to their hashes
I get on error_log

[Wed Aug 04 13:48:34.257972 2010] [error] [pid 3134] [client 10.15.1.74:48696] Certificate
Verification: Error (20): unable to get local issuer certificate
[Wed Aug 04 13:48:34.258299 2010] [info] [pid 3134] [client 10.15.1.74:48696] SSL library
error 1 in handshake (server beehive.cm-lisboa.net:443)
[Wed Aug 04 13:48:34.258412 2010] [info] [pid 3134] SSL Library Error: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Icant find why or what I am missing
Can you help?

Regards,
Luis
 		 	   		  
Mime
View raw message