httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "McGregor, Donald (Don) (CIV)" <mcgr...@nps.edu>
Subject [users] Re: [users@httpd] CAC Card Authentication
Date Mon, 02 Jun 2014 03:47:59 GMT

On Jun 1, 2014, at 6:18 AM, Steven Siebert <smsiebe@gmail.com<mailto:smsiebe@gmail.com>>
wrote:


On Fri, May 30, 2014 at 12:00 AM, McGregor, Donald (Don) (CIV) <mcgredo@nps.edu<mailto:mcgredo@nps.edu>>
wrote:
ERR_SSL_P


Can you provide the (sanitized) apache error_log when you try mutual auth?

S

Using IE client on Windows 8.1:

[Sun Jun 01 20:40:35 2014] [error] Certificate Verification: Error (20): unable to get local
issuer certificate
[Sun Jun 01 20:40:35 2014] [error] Re-negotiation handshake failed: Not accepted by client!?
[Sun Jun 01 20:40:35 2014] [error] Re-negotiation handshake failed: Not accepted by client!?

Using Chrome client on Windows 8.1:

[Sun Jun 01 20:42:10 2014] [error] Re-negotiation handshake failed: Not accepted by client!?
[Sun Jun 01 20:42:15 2014] [error] Re-negotiation handshake failed: Not accepted by client!?
[Sun Jun 01 20:42:26 2014] [error] Certificate Verification: Error (20): unable to get local
issuer certificate
[Sun Jun 01 20:42:26 2014] [error] Re-negotiation handshake failed: Not accepted by client!?

As I said, the standard https seems to work in non-CAC enabled directories. From Chrome on
OSX
for the lock icon:

"The identity of this website has been verified by DOD CA-27 but does not have public audit
records."


Mime
View raw message