mutual authentication problem
on 12.05.2003 21:37:00 by ahmed.nauman
Hi all,
I am using
I'm trying to establish mutual authentication on an Apache web server. I did
this in the httpd.conf file:
SSLVerifyClient require
Then when I accessed the server from the browser, it asked me for a client
certificate. I selected one from the list, and it displayed the message that
it is going to access a protected item. I pressed OK, then it displayed an
error message that the certificate is not issued from a trusted CA.
I added this directive:
SSLCACertificateFile "path to CA file" // I got this from freecerts.entrust.com
Now I save it and restart the server. When I try to access it from the
browser, it follows the same path, but after pressing OK [see above] it does
not display an error or the actual page. It says the page cannot be displayed.
I have seen the server log, which shows GET_CLIENT_CERTIFICATE: no certificate
returned.
Why am I having this problem? I am specifying a client certificate. It happens
only when I specify the SSLCACertificateFile directive. Please advise.
Here is the log at the server side:
[12/May/2003 15:34:29 29091] [info] Connection to child 0 established (server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
[12/May/2003 15:34:29 29091] [info] Seeding PRNG with 1160 bytes of entropy
[12/May/2003 15:34:29 29091] [error] Certificate Verification: Error (20): unable to get local issuer certificate
[12/May/2003 15:34:29 29091] [error] SSL handshake failed (server cddfs1.nj.ssmb.com:8443, client 168.109.64.190) (OpenSSL library error follows)
[12/May/2003 15:34:29 29091] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[12/May/2003 15:34:33 29091] [info] Connection to child 0 established (server cddfs1.nj.ssmb.com:8443, client 168.109.64.190)
[12/May/2003 15:34:33 29091] [info] Seeding PRNG with 1160 bytes of entropy
[12/May/2003 15:34:33 29091] [error] Certificate Verification: Error (20): unable to get local issuer certificate
[12/May/2003 15:34:33 29091] [error] SSL handshake failed (server cddfs1.nj.ssmb.com:8443, client 168.109.64.190) (OpenSSL library error follows)
[12/May/2003 15:34:33 29091] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Regards,
Nauman
________________________________________
Information Security Consultant
________________________________________
Citibank N.A., 111 Wall St., New York, NY
Ph: +1-212-657-1070 (w), +1-718-951-0508 (h)
Fax: +1-212-657-1645
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
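
In the log quoted above, each failed handshake is preceded by a "Certificate Verification: Error (20)" line from the same child process. The following is an added example, not part of the original post or of mod_ssl: it groups error-log lines per connection and reports that verify code next to the OpenSSL error. The sample log, host name and client addresses are constructed, and the HINTS wording is the example's own.

```python
import re

# Constructed sample in the mod_ssl error-log format quoted in the post (placeholder hosts).
SAMPLE_LOG = """\
[12/May/2003 15:34:29 29091] [info] Connection to child 0 established (server www.example.test:8443, client 192.0.2.10)
[12/May/2003 15:34:29 29091] [error] Certificate Verification: Error (20): unable to get local issuer certificate
[12/May/2003 15:34:29 29091] [error] SSL handshake failed (server www.example.test:8443, client 192.0.2.10) (OpenSSL library error follows)
[12/May/2003 15:34:29 29091] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[12/May/2003 15:35:02 29091] [info] Connection to child 0 established (server www.example.test:8443, client 192.0.2.11)
"""

LINE = re.compile(r"^\[(\S+ \S+) (\d+)\] \[(\w+)\] (.*)$")
CONN = re.compile(r"Connection to child \d+ established \(server (\S+), client (\S+)\)")
VERIFY = re.compile(r"Certificate Verification: Error \((\d+)\): (.*)")
OSSL = re.compile(r"OpenSSL: error:([0-9A-Fa-f]+):.*:([^:]+)$")

# Reading aids for two OpenSSL verify codes (the wording is this example's own).
HINTS = {
    10: "client certificate has expired",
    20: "issuer of the client certificate is not in the server's trusted CA list",
}

def failed_handshakes(log_text):
    """Return one record per failed handshake, with the verify error logged for it."""
    current = {}    # child pid -> record of the connection it is handling
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, _level, msg = m.groups()
        if (c := CONN.search(msg)):
            current[pid] = {"time": ts, "server": c[1], "client": c[2],
                            "verify_code": None, "verify_text": None, "openssl_reason": None}
        elif (rec := current.get(pid)) is None:
            continue
        elif (v := VERIFY.search(msg)):
            rec["verify_code"], rec["verify_text"] = int(v[1]), v[2]
        elif msg.startswith("SSL handshake failed"):
            failures.append(rec)
        elif (o := OSSL.search(msg)):
            rec["openssl_reason"] = o[2]   # logged after the failure line
    for rec in failures:
        rec["hint"] = HINTS.get(rec["verify_code"], "no verify error logged")
    return failures

if __name__ == "__main__":
    for f in failed_handshakes(SAMPLE_LOG):
        print(f["time"], f["client"], f["verify_code"], f["openssl_reason"], "->", f["hint"])
```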