Client certificate

--retimiled-emim-mijooneldraneldeen
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C7080E.18D17F13"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7080E.18D17F13
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi ,
I am trying to implement client authentication based on client
certificates.

I want to throw up an error message to the "user/browser" in case client
certificate is invalid.

What I got was that "The page cannot be displayed" error if an
invalid(expired one) client certificate is sent and I see the following
in the logs.
==================== =====3D=
==================== =====3D=
========
[Tue Nov 14 16:52:53 2006] [info] [client 14.64.53.89] client stopped
connection before rflush completed
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: Certificate Verification:
Error (10): certificate has expired
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: Certificate Verification:
Error (10): certificate has expired
[Tue Nov 14 16:52:57 2006] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue Nov 14 16:52:57 2006] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certif
icate returned
[Tue Nov 14 16:52:57 2006] [info] [client 14.64.53.89] client stopped
connection before rflush completed
==================== =====3D=
==================== =====3D=
==================== ==
====

Ideally , I would like to be able to find that the client certificate
has expired using the "SSL_Client....." variables and be able to give
user some error message.

Is it possible?

Thanks,
Vishal





------_=_NextPart_001_01C7080E.18D17F13
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable




charset=3Dus-ascii">
6.5.7651.14">

Hi ,


I am trying to implement client =
authentication based on client certificates.

I want to throw up an error message to =
the "user/browser" in case client certificate is =
invalid.

What I got was that =
"The page =
cannot be displayed" error if an invalid(expired one) client =
certificate is sent and I see the following in the logs.

Roman">=================3D=3 D=====
==================== =====3D=
===========3D


[ FACE=3D"Times New Roman">Tue Nov 14 16:52:53 2006] [info] [client =
14.64.53.89] client stopped connection before rflush completed


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: Certificate Verification: Error (10): certificate has =
expired


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: Re-negotiation handshake failed: Not accepted by =
client!?


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: Certificate Verification: Error (10): certificate has =
expired


[Tue Nov 14 16:52:57 2006] =
[error] mod_ssl: SSL error on writing data (OpenSSL library error =
follows)


[Tue Nov 14 16:52:57 2006] =
[error] OpenSSL: error:140890B2:SSL =
routines:SSL3_GET_CLIENT_CERTIFICATE:no certif


icate returned


[Tue Nov 14 16:52:57 2006] =
[info] [client 14.64.53.89] client stopped connection before rflush =
completed


Roman">=================3D=3 D=====
==================== =====3D=
==================== =====3D=
====

Ideally , I would like to be =
able to find that the client certificate has expired using the =
"SSL_Client….." variables and be able to give user some =
error message.

Is it possible?

Thanks,


Vishal