Hello, I'm trying to use Apache with client auth, but I can't. The problem is in the log errors:

.
.
.
before other CA
A, B, C, D, E, F are strings
.
[Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA certificate: /C=A/ST=B/L=C/O=D/OU=Webserver Team/CN=www.foo.com/emailAddress=[hidden email]
[Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA certificate: /C=A/ST=B/L=C/O=D/OU=Webserver Team/CN=www.foo.com/emailAddress=[hidden email]
[Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA certificate: /C=A/ST=B/L=C/O=D/OU=Certificate Authority/CN=F CA/emailAddress=[hidden email]
.
.
.
[Wed Jul 06 21:57:34 2005] [debug] ssl_engine_kernel.c(1210): Certificate Verification: depth: 0, subject: /C=A/ST=B/L=C/O=None/OU=None/CN=Fran D, /emailAddress=[hidden email], issuer: /C=A/ST=B/L=C/O=D/OU=Certificate Authority/CN=F CA/emailAddress=[hidden email]
[Wed Jul 06 21:57:44 2005] [error] Certificate Verification: Error (20): unable to get local issuer certificate
[Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1790): OpenSSL: Write: SSLv3 read client certificate B
[Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jul 06 21:57:44 2005] [info] SSL library error 1 in handshake (server www.foo.com:8443, client 192.168.0.2)
[Wed Jul 06 21:57:44 2005] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Wed Jul 06 21:57:44 2005] [info] Connection to child 2 closed with abortive shutdown (server www.foo.com:8443, client 192.168.0.2)

Does anyone know how to solve this problem?

Is it possible to get certificate data (like the CN of the client or server) in the Apache C API?

Thanks, Fran.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Is your client sending only its certificate, or are you sending the entire certificate chain?
It looks like your server is unable to rebuild the cert. chain from the client to the root.

-----Original Message-----
From: "Fco .J. Arias" <[hidden email]>
Sent: Jul 6, 2005 2:47 PM
To: [hidden email]
Subject: Apache 2.0 + ssl + client cert + server cert

Hello, I already solved the problem. It seems that the debug message:

error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

is false or incorrect; the correct debug message could be: sorry I can't verify the client certificate, I do not know the CA.

Thanks a lot.
Fran

On Wed, 2005-07-06 at 23:57, Joseph Bruni wrote:
> Is your client sending only its certificate, or are you sending the entire certificate chain?
> It looks like your server is unable to rebuild the cert. chain from the client to the root.
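
The "Error (20): unable to get local issuer certificate" from the log above can be reproduced offline with `openssl verify`. The script below is an added example, not part of the thread; it builds two throwaway CAs and checks one client certificate against each, and every CA name, subject and file path in it is constructed.

```shell
#!/bin/sh
# Added example; every CA name, subject and path here is constructed.

# make_ca <dir> <name> <CN>: create a throwaway self-signed CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_client <dir> <ca-name> <client-name> <CN>:
# create a client key and a certificate signed by the named CA.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/$3.csr" \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# check_chain <trusted-ca-bundle> <cert>: verify the certificate against
# the bundle a server would load as its trusted client CAs. Prints:
#   ok              the chain builds to a CA in the bundle
#   issuer-unknown  OpenSSL error 20 at depth 0, as in the thread's log
#   other           any other verification failure
check_chain() {
    # "|| true": a failed verify must not abort the script under set -e
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *"error 20 at 0 depth"*) echo issuer-unknown ;;
        *": OK"*)                echo ok ;;
        *)                       echo other ;;
    esac
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" issuing "Constructed Issuing CA" &&
    make_ca "$d" unrelated "Constructed Unrelated CA" &&
    issue_client "$d" issuing client "Constructed Client" || return 1
    echo "bundle holds unrelated CA: $(check_chain "$d/unrelated.crt" "$d/client.crt")"
    echo "bundle holds issuing CA:   $(check_chain "$d/issuing.crt" "$d/client.crt")"
    rm -rf "$d"
}
demo
```

Running the same `openssl verify` against the CA file the server actually loads shows whether the client certificate's issuer, and any intermediate above it, is present before the handshake is attempted.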