Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot

Links

XODOX
Impressum

#1: peer did not return a certificate No CAs known to server for verification?

Posted on 2010-12-20 06:59:18 by Abhijit Bhate

This is a multi-part message in MIME format.

------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello All,

=20

We have opened a java web service & our clients are facing issues while
accessing it. They are consistently getting SSL / TLS connection failure
message. All these clients are using VeriSign class 1 certificates. In
apache error logs we see below message:

=20

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)=20
[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

=20

This is happening only with class 1 certificates, class 3 certificates
are working fine. Earlier we were using IBM HTTP Server & our clients
were able to connect to our web service. But since we have moved to
Apache HTTP Server, they are facing this issue.

=20

Is there any known fix for this? kindly advice. You suggestions are real
value for us.

=20

Note: All these clients are either PHP / .NET clients. Java clients are
able to use class 1 certificates successfully.

=20

Thanks,

Abhijit Mohan Bhate

+91-98-50-886360

=20


------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:#17365D;}
..MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DWordSection1>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Hello =
All,<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>We have opened a java =
web
service &amp; our clients are facing issues while accessing it. They are
consistently getting SSL / TLS connection failure message. All these =
clients
are using VeriSign class 1 certificates. In apache error logs we see =
below message:<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif" ;
color:black'>[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate
Verification: Error (20): unable to get local issuer certificate <br>
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake =
failed:
Not accepted by client!? <br>
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification: =
Error
(20): unable to get local issuer certificate <br>
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data =
(OpenSSL
library error follows) <br>
[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate =
returned<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif" ;
color:black'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>This is happening =
only with
class 1 certificates, class 3 certificates are working fine. Earlier we =
were
using IBM HTTP Server &amp; our clients were able to connect to our web
service. But since we have moved to Apache HTTP Server, they are facing =
this
issue.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Is there any known =
fix for this?
kindly advice. You suggestions are real value for =
us.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Note: All these =
clients are
either PHP / .NET clients. Java clients are able to use class 1 =
certificates successfully.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'>Thanks,<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Abhijit Mohan =
Bhate<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'>+91-98-50-886360<o:p></o:p></span></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>

------_=_NextPart_001_01CBA00B.0B8B3E39--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message