Error while requesting client cert authentication

Error while requesting client cert authentication

am 31.01.2003 10:12:27 von Omar TANTAOUI

This is a multi-part message in MIME format.

------=_NextPart_000_0002_01C2C911.41B0D490
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi everybody,

I am using Apache-1.3.27 with mod_ssl-2.8.12 and OpenSSL-0.9.7.

I have created a secure area that requires client SSL authentication:


DocumentRoot "/var/www/html"
ServerName 192.168.2.237
ServerAdmin administrator@atexo.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on

SSLCipherSuite ALL

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

SSLCACertificateFile /var/www/html/pki/ATEXO/testUserCert/ATEXO.crt

SSLCARevocationFile /var/www/html/pki/testUserCert/ATEXO.crl


SSLOptions +StdEnvVars +CompatEnvVars
SSLVerifyClient require
SSLVerifyDepth 2



SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


The server responds correctly to clients (IE or Mozilla) when it is freshly
started. But after few minutes of running, I try to access to the same page
with Mozilla but it fails with the error: "Error establishing an encryted
connection to 192.168.2.237. Error Code: -12192" and IE displays a classical
error "Page not found".

When it happens, The Apache log contains these lines:
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
(7): certificate signature failure
[Fri Jan 31 10:10:44 2003] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
error:0D0890A1:lib(13):func(137):reason(161)
[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
error:140890B2:lib(20):func(137):reason(178)

Please any help is welcome. It has been 10 days that I'm trying to solve
this problem ...

Best regards

------=_NextPart_000_0002_01C2C911.41B0D490
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"

eJ8+IhsJAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcA GAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANMHAQAf AAoADAAAAAUAFQEB
A5AGAFwKAAAmAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAAD ADYAAAAAAB4AcAAB
AAAAMwAAAEVycm9yIHdoaWxlIHJlcXVlc3RpbmcgY2xpZW50IGNlcnQgYXV0 aGVudGljYXRpb24g
AAACAXEAAQAAABYAAAABwskI35/4VjSIoUBFXplpzpuCXt9qAAACAR0MAQAA AB0AAABTTVRQOk9N
QVIuVEFOVEFPVUlAQVRFWE8uQ09NAAAAAAsAAQ4AAAAAQAAGDgCwns8IycIB AgEKDgEAAAAYAAAA
AAAAADQcnhKOOKhDhyno/hgZ/TTCgAAACwAfDgEAAAACAQkQAQAAAL4FAAC6 BQAAlAkAAExaRnW7
8QRCAwAKAHJjcGcxMjUWMgD4C2BuDhAwMzZPAfcCpAPjAgBjaArAc7BldDAg BxMCgH0KgZJ2CJB3
awuAZDQMYA5jAFALAwu1IEhpIBRldgSQeQbgZHksBwqiCoQKgEkgYW0gPnUA kA8gEWAKsBDgZS2A
MS4zLjI3IAPwKHRoIARhXwQQbC1wMi44Lg4gFXASgCAET3AJ8FNTTC0w4C45 LjcuFKwQ8BQQYiAF
AGVhdAmAFXAgvREgYwhwGmAKwBqgIBcQxRqwIAlwcXVpCXAEIHxjbAiQAjAG ABjAFXB1rxcQHPEN
4BqwaQIgOhSqJDxWHHB0dQdASG8acwVAXwEBHXBsdF8gOjQ0Mz4UpERvLxtA B4ACMAgAbwVAIi8S
dgrAL3ciYC9odLhtbCIUpAZhFBFOFYDJGmAxORfAMTYX4BfAiDIzNyL6QWRt C4BnFXAlogQAdHIa
sAWwQFEasXhvLgWgbRSkRWJyA2ByTG8V8AkAZ7RzLxeBXwSQJ+FfKFHtFKRU JnAAgGYEkCgbANC6
YweQcyk4IvUYwEUPIG8LgBpgAiArzUMFIBZQcs5THGAawBFgTEwtTgSQZR3Q Zh3iZUYDEBpgL48V
sCJACQAd8GwvYRYj8i8FoG5mKJInIAAgKJCPI2Mysi+PGrFLZXkwz70x3Ws0 8DL2NxEtTkEwHwki
Ki9wEmAvQVRF2FhPLxrAH8BVMwE5Avc7FDNoOFlSFAA1wR4SOb//OsQ7jzyS CVAeeigQHfQ1UH86
7zvzIMUYsRhwHhIEICvIU3RkLLB2VhEBRUC1CFBtCrB0RZUsJ1YGcpx5QxzU HDVG/URlBTD3FyAO
UB7UL0I2IMUryxEwEUWRSWYgQEItQWeRHPIiLioF4ElFTaAuIgMwTkAUsyBO xm5vNzcQScAHQGka
UReCdW5DHMAaoG4tc2gdgGT8b3cDoU5eURIJwCXwFmKrEVACEHIrQC0cgXBF EdtS8xSqQxWwJpBt
KBscMk9AESkyUV9OwCIlBUAlERcgJVx7GLFfUFIgT1RPQ08vEH14gVimQ0lQ SEVSWaLbVyBYQHJa
8VhwYiLlSoD7HzlLK1QWUBsRI3IcIVPSDmQcoQWwCXBjdGx57RvQbxy1BCAo TeAtEAXBbG96AxAL
YCkW4B2hIN8XAGGABCADUAeQaF9hH8DjCsAawS4gQh2AFXABgL9eMSogB+Al sR2AB5FvTMDOclBQ
AwAPICwgFWAmYP9fcyskX4IdkRsQI8IKsE1A8xbkYLUgYmMRYZEgIAMQ7wQg FvNmUijjOiHwJ8MT
8PdicQJgBABoFdIDkQnwBQD+eRrCMjEs8F9AQoJfkSQLv2LgaeQIUAEAabAW cDIkAbdOIBgyYFFk
BAALUXkEIPsbABzAYQQQHeEDICjjIfD+UGbyT1BoUQhgEoBNkBSq1ldhVRDw cBiBc2UAXbL/FhQo
QmvCAZALgGYBFlARIEsoQCzhcx5VW0YFECCSSgORMzEj8DA6d0GLIJBKADAP UF0gWyjj73gQF0Vp
sDkJIEeDHeZtlXgoNylpsCtAeWgAkGf+bhqwG1JochtRdi93P3hO9T3wLSzw ZyHQBzBCcxDwv16x
EPA3EGhjCYBpsE4h0TcrIgUwGtFiX3AcxCE//31vfn94T3lfem97f3yPhE/f hV+Gax0ycKRCkXcF
EB3QbRXhZBqwGwAoGHV1sWI/JnBlUXCkAhBg8FEgcyk/i1+Mb4Y1GHVpsGlk MESAMDg5MEExOpCh
6CgxM4lQZlBRlkGJQc0akXMCIJZANjGR/5MPk5QfaWQxNJWiQjKWA2cB0JZ/ l4E3OJfVFKRQn1CB
dZEAcF9wFlBscGGy1nefQCcxZWLgSXMyBCA+YgnhmPGPsW+xG+NJJ98VkGVB FdJfkZdgbBpRFxCt
YcFwA2ACYGUVkC6j4O0UqkJAERwhZwsRRuUR4QIApjAAAAMAAW4gAAAACwAB gAggBgAAAAAAwAAA
AAAAAEYAAAAAA4UAAAAAAAADAAOACCAGAAAAAADAAAAAAAAARgAAAAAQhQAA AAAAAAMAB4AIIAYA
AAAAAMAAAAAAAABGAAAAAFKFAACOagEAHgAIgAggBgAAAAAAwAAAAAAAAEYA AAAAVIUAAAEAAAAE
AAAAOS4wAB4ACYAIIAYAAAAAAMAAAAAAAABGAAAAADaFAAABAAAAAQAAAAAA AAAeAAqACCAGAAAA
AADAAAAAAAAARgAAAAA3hQAAAQAAAAEAAAAAAAAAHgALgAggBgAAAAAAwAAA AAAAAEYAAAAAOIUA
AAEAAAABAAAAAAAAAAsADYAIIAYAAAAAAMAAAAAAAABGAAAAAIKFAAABAAAA CwA6gAggBgAAAAAA
wAAAAAAAAEYAAAAADoUAAAAAAAADADyACCAGAAAAAADAAAAAAAAARgAAAAAR hQAAAAAAAAMAPYAI
IAYAAAAAAMAAAAAAAABGAAAAABiFAAAAAAAACwBSgAggBgAAAAAAwAAAAAAA AEYAAAAABoUAAAAA
AAADAFOACCAGAAAAAADAAAAAAAAARgAAAAABhQAAAAAAAAIB+A8BAAAAEAAA ADQcnhKOOKhDhyno
/hgZ/TQCAfoPAQAAABAAAAA0HJ4SjjioQ4cp6P4YGf00AgH7DwEAAACeAAAA AAAAADihuxAF5RAa
obsIACsqVsIAAFBTVFBSWC5ETEwAAAAAAAAAAE5JVEH5v7gBAKoAN9luAAAA QzpcRG9jdW1lbnRz
IGFuZCBTZXR0aW5nc1xPbXIgVEFOVEFPVUlcTG9jYWwgU2V0dGluZ3NcQXBw bGljYXRpb24gRGF0
YVxNaWNyb3NvZnRcT3V0bG9va1xvdXRsb29rLnBzdAAAAAMA/g8FAAAAAwAN NP03AAACAX8AAQAA
ADcAAAA8S0lFRElIQ0pOTU9DSUdBTEhEQU1BRVBBQ0FBQS5vbWFyLnRhbnRh b3VpQGF0ZXhvLmNv
bT4AAAMABhAXh47IAwAHEKwGAAADABAQAAAAAAMAERAAAAAAHgAIEAEAAABl AAAASElFVkVSWUJP
RFksSUFNVVNJTkdBUEFDSEUtMTMyN1dJVEhNT0RTU0wtMjgxMkFORE9QRU5T U0wtMDk3SUhBVkVD
UkVBVEVEQVNFQ1VSRUFSRUFUSEFUUkVRVUlSRVNDTElFTgAAAABuvQ==

------=_NextPart_000_0002_01C2C911.41B0D490--


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Error while requesting client cert authentication

am 03.02.2003 09:49:25 von cybersushi

------=_Part_2763_2366550.1044262165226
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi,

We're experiencing the same errors. Did you get an answer on this?

If so could you send it to me??

Best regards,

Danny

>Hi everybody,
>
>I am using Apache-1.3.27 with mod_ssl-2.8.12 and OpenSSL-0.9.7.
>
>I have created a secure area that requires client SSL authentication:
>
>
>DocumentRoot "/var/www/html"
>ServerName 192.168.2.237
>ServerAdmin administrator@atexo.com
>ErrorLog logs/ssl_error_log
>TransferLog logs/ssl_access_log
>
>SSLEngine on
>
>SSLCipherSuite ALL
>
>SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
>
>SSLCACertificateFile /var/www/html/pki/ATEXO/testUserCert/ATEXO.crt
>
>SSLCARevocationFile /var/www/html/pki/testUserCert/ATEXO.crl
>
>
>SSLOptions +StdEnvVars +CompatEnvVars
>SSLVerifyClient require
>SSLVerifyDepth 2
>
>
>
>SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
>CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>The server responds correctly to clients (IE or Mozilla) when it is freshly
>started. But after few minutes of running, I try to access to the same page
>with Mozilla but it fails with the error: "Error establishing an encryted
>connection to 192.168.2.237. Error Code: -12192" and IE displays a classical
>error "Page not found".
>
>When it happens, The Apache log contains these lines:
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
>(7): certificate signature failure
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Re-negotiation handshake failed:
>Not accepted by client!?
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: Certificate Verification: Error
>(7): certificate signature failure
>[Fri Jan 31 10:10:44 2003] [error] mod_ssl: SSL error on writing data
>(OpenSSL library error follows)
>[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
>error:0D0890A1:lib(13):func(137):reason(161)
>[Fri Jan 31 10:10:44 2003] [error] OpenSSL:
>error:140890B2:lib(20):func(137):reason(178)
>
>Please any help is welcome. It has been 10 days that I'm trying to solve
>this problem ...
>
>Best regards

------=_Part_2763_2366550.1044262165226--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org