Re-negotiation handshake failed: Not accepted by client!?

Re-negotiation handshake failed: Not accepted by client!?

am 01.12.2009 16:53:15 von Jayamurugan

--001636283a908d9d180479acc10d
Content-Type: text/plain; charset=ISO-8859-1

All,

We are trying to configure apache to accept client certificate when
accessing the page from client side. Here is the configuration,


RewriteEngine on
RewriteOptions inherit
ServerName ***************************
JkMountFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties
JkRequestLogFormat "%w %V %T"
SSLCertificateFile certs/services.crt
Include conf/shared-ssl.conf

SSLCACertificatePath /apps/local/ssl_certificates/clients
SSLVerifyClient require



When we try to access the page we get page cannot be displayed message and
in the log files we get Re-negotiation handshake failed: Not accepted by
client!?
The certificate files inside /apps/local/ssl_certificates/clients was
provided by client.

We are using Apache/2.0.63 , openssl-0.9.8h and Jboss 4.0.4.GA

Could someone throw some light on this issue?

--001636283a908d9d180479acc10d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

All,

=A0

=A0We are trying to configure apache to accept client certificate when=
accessing the page from client side. Here is the configuration,

=A0

<VirtualHost ********:4406>
      =A0 RewriteEngi=
ne on
      =A0 RewriteOptions inherit
      =
=A0 ServerName=A0***************************
      =A0 JkMou=
ntFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties

      =A0 JkRequestLogFormat     "%w %V %T" r>      =A0 SSLCertificateFile certs/services.crt
  =A0=
     Include conf/shared-ssl.conf
      =A0 <Loca=
tion /Dummy>
              =A0 SSLCACerti=
ficatePath /apps/local/ssl_certificates/clients

              =A0 SSLVerifyClient require
=
      =A0 </Location>
</VirtualHost>

=A0

When we try to access the page we get page cannot be displayed message=
and in the log files we get Re-negotiation handshake failed: Not accepted =
by client!?

The certificate files inside  /apps/local/ssl_certificates/clients=
was provided by client.

=A0

We are using Apache/2.0.63 , openssl-0.9.8h=A0and Jboss p://4.0.4.GA">4.0.4.GA

=A0

Could someone throw some light on this issue?

=A0


=A0


--001636283a908d9d180479acc10d--

Re: Re-negotiation handshake failed: Not accepted by

am 04.12.2009 12:08:15 von Matus UHLAR - fantomas

On 01.12.09 09:53, Jai wrote:
> We are trying to configure apache to accept client certificate when
> accessing the page from client side. Here is the configuration,

I wonder you bring this issue up two weeks after finding out that
SSL re-negotiation is unsecure and should not be used:

http://mail-archives.apache.org/mod_mbox/httpd-announce/2009 11.mbox/%3c20091107013220.31376.qmail@minotaur.apache.org%3e

>
> RewriteEngine on
> RewriteOptions inherit
> ServerName ***************************
> JkMountFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties
> JkRequestLogFormat "%w %V %T"
> SSLCertificateFile certs/services.crt
> Include conf/shared-ssl.conf
>
> SSLCACertificatePath /apps/local/ssl_certificates/clients
> SSLVerifyClient require
>
>

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org