client authentication

client authentication

am 05.06.2002 15:53:43 von Edgard Janzen

This is a multi-part message in MIME format.

------=_NextPart_000_00DD_01C20C7F.422FBD40
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

i=B4m trying to use Client Authentication with certificates... so I=B4m =
using
apache_1.3.22
mod_ssl_2.8.5-1.3.22
openssl-0.9.6c

and the apache configurations is like this


ServerAdmin suporte@psmi.com.br
DocumentRoot /home/www-data/443.psmi.com.br
ServerName 443.psmi.com.br
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
LogLevel warn
ErrorLog /home/log-data/443.psmi.com.br-error_log
CustomLog /home/log-data/443.psmi.com.br-access_log common
CustomLog /home/log-data/443.psmi.com.br-referer_log referer
CustomLog /home/log-data/443.psmi.com.br-agent_log agent
ProxyPass / http://172.16.2.159:8080/443/
ProxyPassReverse / http://172.16.2.159:8080/443/
ProxyPass /misc_ http://172.16.2.159:8080/misc_
ProxyPass /p_ http://172.16.2.159:8080/p_
ProxyVia on
SSLEngine on
SSLCertificateFile /usr/local/apache-ssl/conf/chaves443/public.crt
SSLCertificateKeyFile =
/usr/local/apache-ssl/conf/chaves443/secureprivate.key
SSLCACertificatePath /usr/local/apache-ssl/conf/chaves443/
SSLCACertificateFile /usr/local/apache-ssl/conf/chaves443/unicert.cer
SSLVerifyClient 2
SSLVerifyDepth 10


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars



SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0


and after I show my certificate on the broser I get an error window an =
the log says so:

[Wed Jun 5 09:24:32 2002] [error] mod_ssl: Certificate Verification: =
Error (20): unable to get local issuer certificate
[Wed Jun 5 09:24:32 2002] [error] mod_ssl: SSL handshake failed (server =
443.psmi.com.br:443, client 172.16.2.47) (OpenSSL library error follows)
[Wed Jun 5 09:24:32 2002] [error] OpenSSL: error:140890B2:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

could someone help me? any idea?
thaks a lot





------------------------------------------------------------ -------------=
--------
Edgard Janzen
Electrical Engineer (Electronic/Telecom.)
PSmi Editora Digital Ltda
------------------------------------------------------------ -------------=
--------
E-mail: edgard@psmi.com.br
Home-page: http://www.psmi.com.br/
Address: Rua Brasilio Itiber=EA, 2928 - Sobreloja
Rebou=E7as - Curitiba - PR - 80250-160
Phone/Fax:(41) 333-3699
------------------------------------------------------------ -------------=
--------

------=_NextPart_000_00DD_01C20C7F.422FBD40
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



charset=3Diso-8859-1">




Hi,

 

i=B4m trying to use Client =
Authentication with=20
certificates... so I=B4m using

apache_1.3.22

mod_ssl_2.8.5-1.3.22

openssl-0.9.6c

 

and the apache configurations is like=20
this

 

<VirtualHost=20
192.168.254.142:443>
    ServerAdmin href=3D"mailto:suporte@psmi.com.br">suporte@psmi.com.br
 &nbs=
p; =20
DocumentRoot /home/www-data/443.psmi.com.br
    =
ServerName=20
443.psmi.com.br
    ScriptAlias /cgi-bin/=20
"/usr/local/apache/cgi-bin/"
    LogLevel=20
warn
    ErrorLog=20
/home/log-data/443.psmi.com.br-error_log
    CustomLog =

/home/log-data/443.psmi.com.br-access_log common
    =
CustomLog=20
/home/log-data/443.psmi.com.br-referer_log referer
    =

CustomLog /home/log-data/443.psmi.com.br-agent_log =
agent
   =20
ProxyPass / href=3D"http://172.16.2.159:8080/443/">http://172.16.2.159:8 080/443/<=
BR>   =20
ProxyPassReverse / href=3D"http://172.16.2.159:8080/443/">http://172.16.2.159:8 080/443/<=
BR>   =20
ProxyPass /misc_ href=3D"http://172.16.2.159:8080/misc">http://172.16.2.159:8 080/misc_=

   =20
ProxyPass /p_ href=3D"http://172.16.2.159:8080/p">http://172.16.2.159:8080 /p_
&n=
bsp;  =20
ProxyVia on
SSLEngine on
SSLCertificateFile=20
/usr/local/apache-ssl/conf/chaves443/public.crt
SSLCertificateKeyFile =

/usr/local/apache-ssl/conf/chaves443/secureprivate.key
SSLCACertificat=
ePath=20
/usr/local/apache-ssl/conf/chaves443/
SSLCACertificateFile=20
/usr/local/apache-ssl/conf/chaves443/unicert.cer
SSLVerifyClient=20
2
SSLVerifyDepth  10

 

<Files ~=20
"\.(cgi|shtml|phtml|php3?)$">
    SSLOptions=20
+StdEnvVars
</Files>
<Directory=20
"/usr/local/apache-ssl/cgi-bin">
    SSLOptions=20
+StdEnvVars
</Directory>

 


SetEnvIf User-Agent ".*MSIE.*"=20
\
         nokeepalive=20
ssl-unclean-shutdown =
\
        =20
downgrade-1.0 =
force-response-1.0
</VirtualHost>

and after I show my certificate on the =
broser I get=20
an error window an the log says so:

 

[Wed Jun  5 09:24:32 2002] [error] =
mod_ssl:=20
Certificate Verification: Error (20): unable to get local issuer=20
certificate
[Wed Jun  5 09:24:32 2002] [error] mod_ssl: SSL =
handshake=20
failed (server 443.psmi.com.br:443, client 172.16.2.47) (OpenSSL library =
error=20
follows)
[Wed Jun  5 09:24:32 2002] [error] OpenSSL: =
error:140890B2:SSL=20
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate =
returned

could someone help me? any =
idea?

thaks a lot

 

 

 

 

 

size=3D2>--------------------------------------------------- -------------=
-----------------
Edgard=20
Janzen
Electrical Engineer (Electronic/Telecom.)
PSmi Editora =
Digital=20
Ltda
------------------------------------------------------------ -----=
----------------
E-mail:=20
href=3D"mailto:edgard@psmi.com.br">edgard@psmi.com.br
Home-page: =
href=3D"http://www.psmi.com.br/">http://www.psmi.com.br/
Address: =
Rua=20
Brasilio Itiber=EA, 2928 - Sobreloja
Rebou=E7as - Curitiba - PR -=20
80250-160
Phone/Fax:(41)=20
333-3699
------------------------------------------------------------ -=
--------------------


------=_NextPart_000_00DD_01C20C7F.422FBD40--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org