apache and client certificates
on 17.09.2002 15:57:51 by CorreiJ
Hi all
Is anyone aware of Apache version 1.3.20 having problems with client
authentication??
I've created my own CA created using openssl (vs 0.9.6a). I then
created and signed my server certificate with the CA using openssl.
(apache is on a RH Linux 6.2 machine)
I then created a client public key using Java's keytool (from my
Win2000 client machine). I then took this key and signed it with my CA
using openssl which I duly converted into DER format. I then imported
my CA's certificate in my JSSE keystore plus the now created client
certificate which replaces the previous public key.
In my Apache I mention these (I have mod-ssl vs 2.8.4):
SSLCertificateFile /jose/CA2/server.crt
SSLCertificateKeyFile /jose/CA2/server.key
SSLCACertificateFile /jose/CA2/demoCA/cacert.pem
SSLVerifyClient require
SSLVerifyDepth 10
When I connect, I'm getting the following on ssl_engine.log
"[17/Sep/2002 15:20:22 28388] [error] SSL handshake failed (server
155.239.48.43:443, client 165.148.59.202) (OpenSSL library error
follows)
[17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown"
and from my Java client I'm getting:
"main, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
main, WRITE: SSL v3.1 Alert, length = 2
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated"
Hence my confusion since I know my client certificate was signed by
the CA mentioned in apache httpd.conf... :-(
Anyone got a clue? I've searched extensively...
Thanks a lot
Jose Correia
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
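
An added example, not part of the original post or of mod_ssl: a small Python helper that decodes the OpenSSL error code from ssl_engine.log and cross-checks it against the JSSE debug line to show which side raised the alert. It assumes the legacy OpenSSL (0.9.x to 1.0.x) error-code packing; the function names are hypothetical.

```python
import re

# Legacy OpenSSL (0.9.x to 1.0.x) packs an error code as
# library (8 bits) | function (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000: alert received from the peer
# Certificate-related TLS alert numbers (RFC 2246, section 7.2)
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

def decode_openssl_error(code_hex):
    """Split a hex code such as '14094416' into its packed fields."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": alert, "alert_name": CERT_ALERTS.get(alert)}

def alert_origin(server_log, client_log):
    """Say which side raised the failure, using both logs as cross-checks."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", server_log)
    if not m:
        return "undetermined"
    info = decode_openssl_error(m.group(1))
    client_sent = re.search(r"SEND\b.*\bALERT:\s*fatal", client_log, re.I)
    if info["peer_alert"] is None:
        return "server raised the error locally (reason %d)" % info["reason"]
    if client_sent and info["alert_name"]:
        return "client rejected the server's certificate (%s)" % info["alert_name"]
    if client_sent:
        return "client sent alert %d" % info["peer_alert"]
    return "undetermined"

# Log lines quoted from the post above, rejoined onto single lines.
SERVER_LOG = ("[17/Sep/2002 15:20:22 28388] [error] OpenSSL: error:14094416:"
              "SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown")
CLIENT_LOG = ("main, SEND SSL v3.1 ALERT: fatal, "
              "description = certificate_unknown")

if __name__ == "__main__":
    print(decode_openssl_error("14094416"))
    print(alert_origin(SERVER_LOG, CLIENT_LOG))
```

A reason value of 1000 or more in an SSL-library error means the server is reporting an alert it received, so the certificate check to inspect first is the one performed by the side that sent it.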