Problem with client digital certificate
on 16.07.2002 17:35:32 by joao.srodrigues
Hi,
I'm having some problems using my own CA for user authentication in Apache modssl, win32.
Everything works fine with a demo certificate issued by GlobalSign, but when I try with a certificate issued by my own CA I get Invalid Certificate.
Here are the log files:
OK:
+-------------------------------------------------------------------------+
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 3, subject: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 2, subject: /C=BE/O=GlobalSign nv-sa/OU=Primary Class 1 CA/CN=GlobalSign Primary Class 1 CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=BE/O=GlobalSign nv-sa/OU=Class 1 CA/CN=GlobalSign Class 1 CA, issuer: /C=BE/O=GlobalSign nv-sa/OU=Primary Class 1 CA/CN=GlobalSign Primary Class 1 CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 0, subject: /CN=joao.srodrigues@optimus.pt/Email=joao.srodrigues@optimus.pt, issuer: /C=BE/O=GlobalSign nv-sa/OU=Class 1 CA/CN=GlobalSign Class 1 CA
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read client certificate A
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read client key exchange A
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3 read certificate verify A
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(1027): OpenSSL: read 5/5 bytes from BIO#bogus %p[mem: bogus %p (QÑoðUÐoàaX
[Tue Jul 16 16:19:59 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(974): +-------------------------------------------------------------------------+
NOT OK:
+-------------------------------------------------------------------------+
[Tue Jul 16 16:23:47 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=PT/L=Lisboa/O=Optimus/OU=DT/Networks/IPS/CN=PosNet CA/Email=joao.srodrigues@optimus.pt, issuer: /C=PT/L=Lisboa/O=Optimus/CN=OptimusCA
[Tue Jul 16 16:23:47 2002] [error] Certificate Verification: Error (24): invalid CA certificate
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1864): OpenSSL: Write: SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1883): OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1883): OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Jul 16 16:23:48 2002] [error] SSL handshake failed (server jsrodrigues.optimus.pt:443, client 172.2.2.135)
[Tue Jul 16 16:23:48 2002] [error] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[Tue Jul 16 16:23:48 2002] [info] Connection to child 145 established (server jsrodrigues.optimus.pt:443, client 172.2.2.135)
[Tue Jul 16 16:23:48 2002] [info] Seeding PRNG with 0 bytes of entropy
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1846): OpenSSL: Handshake: start
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_kernel.c(1854): OpenSSL: Loop: before/accept initialization
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(1027): OpenSSL: read 11/11 bytes from BIO#bogus %p[mem: bogus %p (QÑoðUÐoà«\
[Tue Jul 16 16:23:48 2002] [debug] C:\40_Prt1.Bak\Internet\temp\httpd-2.0.39-win32-src\apache\modules\ssl\ssl_engine_io.c(974): +-------------------------------------------------------------------------+
Can anyone help me please!
João Rodrigues
______________________
Optimus - DT/Networks/IPS
Tel: +351 931003838
Tm: +351 931013838
Fax: +351 931023838
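
Added example, not part of the original post and not mod_ssl code: a small triage script that ties each "Certificate Verification: Error (N)" line to the certificate mod_ssl logged just before it, so the failing chain position is explicit. The function name `triage`, the abridged sample log and the short table of OpenSSL `X509_V_ERR_*` names are choices made for this example; it assumes the error line directly follows the depth line for the same certificate, as in the log above.

```python
import re

# Abridged from the rejected-handshake log in the post above; the long
# source-file path is shortened for readability (constructed sample).
SAMPLE_LOG = """\
[Tue Jul 16 16:23:47 2002] [debug] ssl_engine_kernel.c(1294): Certificate Verification: depth: 1, subject: /C=PT/L=Lisboa/O=Optimus/OU=DT/Networks/IPS/CN=PosNet CA/Email=joao.srodrigues@optimus.pt, issuer: /C=PT/L=Lisboa/O=Optimus/CN=OptimusCA
[Tue Jul 16 16:23:47 2002] [error] Certificate Verification: Error (24): invalid CA certificate
[Tue Jul 16 16:23:48 2002] [error] SSL handshake failed (server jsrodrigues.optimus.pt:443, client 172.2.2.135)
"""

VERIFY_RE = re.compile(
    r"Certificate Verification: depth: (\d+), subject: (.*), issuer: (.*)$")
ERROR_RE = re.compile(r"Certificate Verification: Error \((\d+)\): (.*)$")

# A few OpenSSL verification codes (x509_vfy.h) common in client-cert triage.
X509_ERRORS = {
    18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
    24: "X509_V_ERR_INVALID_CA",
    26: "X509_V_ERR_INVALID_PURPOSE",
}

def triage(log_text):
    """Return one finding per verification error, tied to the certificate
    that was logged immediately before the error line."""
    findings, last_cert = [], None
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            last_cert = {"depth": int(m.group(1)),
                         "subject": m.group(2), "issuer": m.group(3)}
            continue
        m = ERROR_RE.search(line)
        if m:
            code = int(m.group(1))
            # depth 0 is the client certificate; depth >= 1 is a CA above it
            role = None if last_cert is None else (
                "client certificate" if last_cert["depth"] == 0 else "CA certificate")
            findings.append({"code": code, "text": m.group(2), "role": role,
                             "name": X509_ERRORS.get(code, "unknown"),
                             "cert": last_cert})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the rejected handshake it reports code 24 (`X509_V_ERR_INVALID_CA`) at depth 1: OpenSSL refused the PosNet CA certificate itself as a CA, which its documentation describes as a certificate that is either not a CA or whose extensions are not consistent with the supplied purpose, so the client certificate at depth 0 was never evaluated.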