Authenticated access / cygwin
on 06.08.2002 13:23:48 by TantaO
Hi,

I'm using Apache + mod_ssl on cygwin platform.
I want to restrict access to authenticated users, so I wrote in httpd.conf:

<VirtualHost _default_:8082>
    SSLEngine on
    SSLCertificateFile conf/ssl.crt/CAWebCert.pem
    SSLCertificateKeyFile conf/ssl.key/CAWebKey.pem
    SSLCACertificatePath conf/ssl.crt
    SSLCACertificateFile conf/ssl.crt/cacert.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Location />
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLRequire %{SSL_CLIENT_S_DN_C} eq "FR" and %{SSL_CLIENT_S_DN_O} eq "StorageTek" and \
                   %{SSL_CLIENT_S_DN_CN} eq "Omar Tantaoui"
    </Location>
    ServerAdmin CAAdministrator@storagetek.com
    DocumentRoot "/usr/local/apache/htdocs/ra"
    ServerName tou-ws-sd2138
    ErrorLog logs/raserver-error.log
    CustomLog logs/raserver-access.log common
    ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
</VirtualHost>

But I got the following error:

[Tue Aug 6 11:56:39 2002] [error] mod_ssl: Re-negotiation handshake failed: Not accepted by client!?
[Tue Aug 6 11:56:39 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
[Tue Aug 6 11:56:39 2002] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

I don't know what it means.
What's wrong with my httpd.conf?

Regards
Omar Tantaoui
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
RE: Authenticated access / cygwin
on 06.08.2002 15:32:04 by Boyle Owen
The problem is all in the error messages. You are requesting that clients provide a certificate (SSLVerifyClient require) but then they do not do so (peer did not return a certificate). Do you really want the clients all to have certs?

Rgds,

Owen Boyle
RE: Authenticated access / cygwin
on 06.08.2002 15:39:42 by TantaO
Yes, I do want to restrict access to certificate owners. But both Netscape 6.2 and IExplorer don't ask for a cert to submit to the server.

And what about [Hint: No CAs known to server for verification?]
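Added example, not part of the original thread: a Python triage of the error lines quoted in the first post. It decodes the packed OpenSSL error code and ties it to the renegotiation failure logged at the same timestamp. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason); the names `unpack` and `triage`, the `check` text and the last sample log line are constructed for illustration.

```python
import re

# Error lines from the first post, unwrapped; the last line is constructed noise.
SAMPLE_LOG = """\
[Tue Aug 6 11:56:39 2002] [error] mod_ssl: Re-negotiation handshake failed: Not accepted by client!?
[Tue Aug 6 11:56:39 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
[Tue Aug 6 11:56:39 2002] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Aug 6 11:57:02 2002] [error] File does not exist: /usr/local/apache/htdocs/ra/favicon.ico
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] (?P<src>mod_ssl|OpenSSL): (?P<msg>.*)$")
CODE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):")
SSL_LIB, NO_PEER_CERT = 0x14, 199  # ERR_LIB_SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE

def unpack(code_hex):
    """Split a pre-3.0 OpenSSL error code 0xLLFFFRRR into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def triage(log_text):
    """Group mod_ssl/OpenSSL errors by timestamp; report missing client certificates."""
    events = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a mod_ssl/OpenSSL error line
        ev = events.setdefault(m["ts"], {"reneg": False, "codes": []})
        if "Re-negotiation handshake failed" in m["msg"]:
            ev["reneg"] = True
        c = CODE.search(m["msg"])
        if c:
            ev["codes"].append((unpack(c["code"]), c["func"]))
    findings = []
    for ts, ev in events.items():
        for (lib, _func_id, reason), func in ev["codes"]:
            if (lib, reason) == (SSL_LIB, NO_PEER_CERT):
                findings.append({
                    "time": ts,
                    "function": func,
                    "phase": "renegotiation" if ev["reneg"] else "initial handshake",
                    "check": "client needs a certificate issued by a CA loaded via "
                             "SSLCACertificateFile/SSLCACertificatePath",
                })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

The `phase` field separates a certificate request made during renegotiation (`SSLVerifyClient` inside `<Location>`, as in the posted configuration) from one made in the initial handshake.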