Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot, bind-address mysql multiple, sanibleone xxxx, ftp://192.168.100.100/, www.xxxcon

Links

XODOX
Impressum

#1: peer did not return a certificate No CAs known to server for verification?

Posted on 2010-12-20 06:59:18 by Abhijit Bhate

This is a multi-part message in MIME format.

------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello All,

=20

We have opened a java web service & our clients are facing issues while
accessing it. They are consistently getting SSL / TLS connection failure
message. All these clients are using VeriSign class 1 certificates. In
apache error logs we see below message:

=20

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)=20
[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

=20

This is happening only with class 1 certificates, class 3 certificates
are working fine. Earlier we were using IBM HTTP Server & our clients
were able to connect to our web service. But since we have moved to
Apache HTTP Server, they are facing this issue.

=20

Is there any known fix for this? kindly advice. You suggestions are real
value for us.

=20

Note: All these clients are either PHP / .NET clients. Java clients are
able to use class 1 certificates successfully.

=20

Thanks,

Abhijit Mohan Bhate

+91-98-50-886360

=20


------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:#17365D;}
..MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DWordSection1>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Hello =
All,<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>We have opened a java =
web
service &amp; our clients are facing issues while accessing it. They are
consistently getting SSL / TLS connection failure message. All these =
clients
are using VeriSign class 1 certificates. In apache error logs we see =
below message:<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif" ;
color:black'>[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate
Verification: Error (20): unable to get local issuer certificate <br>
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake =
failed:
Not accepted by client!? <br>
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification: =
Error
(20): unable to get local issuer certificate <br>
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data =
(OpenSSL
library error follows) <br>
[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate =
returned<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif" ;
color:black'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>This is happening =
only with
class 1 certificates, class 3 certificates are working fine. Earlier we =
were
using IBM HTTP Server &amp; our clients were able to connect to our web
service. But since we have moved to Apache HTTP Server, they are facing =
this
issue.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Is there any known =
fix for this?
kindly advice. You suggestions are real value for =
us.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Note: All these =
clients are
either PHP / .NET clients. Java clients are able to use class 1 =
certificates successfully.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'>Thanks,<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'color:#17365D'>Abhijit Mohan =
Bhate<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'color:#17365D'>+91-98-50-886360<o:p></o:p></span></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>

------_=_NextPart_001_01CBA00B.0B8B3E39--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message