Client Authentication

Client Authentication

am 04.04.2005 15:54:38 von Hoda Nadeem

------_=_NextPart_001_01C5391D.D819527A
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
I am working on an SSL interface with smart cards with on board
certificates.=20
=20
I have enabled client authentication in apache through the following
lines:=20
=20
SSLVerifyClient require
SSLVerifyDepth 1
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

And, the server definitely requests the client certificate, but I get
the following errors:
=20
[Sun Apr 03 04:02:04 2005] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for verification!? [Hint:
SSLCACertificate*]
[Sun Apr 03 04:02:04 2005] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Mon Apr 04 09:07:04 2005] [error] Certificate Verification: Error (20):
unable to get local issuer certificate

The second error is obviously because I have a test certificate on my
server.
=20
Following these errors, the system hangs...stays indefinitely in waiting
state, or goes to 'page cannot be found'
=20
Any help is appreciated.=20
=20
Thanks.=20
=20
Nadeem

------_=_NextPart_001_01C5391D.D819527A
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



charset=3Dus-ascii">


 

I am =
working on an=20
SSL interface with smart cards with on board certificates. =

size=3D2> 

I have =
enabled=20
client authentication in apache through the following lines:=20

size=3D2> 

size=3D2>SSLVerifyClient=20
require
SSLVerifyDepth 1
SSLCertificateFile=20
/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile=20
/etc/httpd/conf/ssl.key/server.key

And, =
the server=20
definitely requests the client certificate, but I get the following=20
errors:

size=3D2> 

[Sun =
Apr 03 04:02:04=20
2005] [warn] Init: Oops, you want to request client authentication, but =
no CAs=20
are known for verification!?  [Hint: SSLCACertificate*]
[Sun Apr =
03=20
04:02:04 2005] [warn] RSA server certificate CommonName (CN)=20
`localhost.localdomain' does NOT match server name!?
[Mon Apr 04 =
09:07:04=20
2005] [error] Certificate Verification: Error (20): unable to get local =
issuer=20
certificate

The =
second error is=20
obviously because I have a test certificate on my =
server.

size=3D2> 

size=3D2>Following these=20
errors, the system hangs...stays indefinitely in waiting state, or goes =
to 'page=20
cannot be found'

size=3D2> 

Any =
help is=20
appreciated.

size=3D2> 

size=3D2>Thanks.=20

size=3D2> 

size=3D2>Nadeem


------_=_NextPart_001_01C5391D.D819527A--