peer did not return a certificate No CAs known to server for verification?

peer did not return a certificate No CAs known to server for verification?

am 20.12.2010 06:59:18 von Abhijit Bhate

This is a multi-part message in MIME format.

------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello All,

=20

We have opened a java web service & our clients are facing issues while
accessing it. They are consistently getting SSL / TLS connection failure
message. All these clients are using VeriSign class 1 certificates. In
apache error logs we see below message:

=20

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification:
Error (20): unable to get local issuer certificate=20
[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)=20
[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

=20

This is happening only with class 1 certificates, class 3 certificates
are working fine. Earlier we were using IBM HTTP Server & our clients
were able to connect to our web service. But since we have moved to
Apache HTTP Server, they are facing this issue.

=20

Is there any known fix for this? kindly advice. You suggestions are real
value for us.

=20

Note: All these clients are either PHP / .NET clients. Java clients are
able to use class 1 certificates successfully.

=20

Thanks,

Abhijit Mohan Bhate

+91-98-50-886360

=20


------_=_NextPart_001_01CBA00B.0B8B3E39
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">









Hello =
All,



style=3D'color:#17365D'> 



We have opened a java =
web
service & our clients are facing issues while accessing it. They are
consistently getting SSL / TLS connection failure message. All these =
clients
are using VeriSign class 1 certificates. In apache error logs we see =
below message:



style=3D'color:#17365D'> 



style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif" ;
color:black'>[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate
Verification: Error (20): unable to get local issuer certificate

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Re-negotiation handshake =
failed:
Not accepted by client!?

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: Certificate Verification: =
Error
(20): unable to get local issuer certificate

[Fri Oct 12 17:42:04 2007] [error] mod_ssl: SSL error on writing data =
(OpenSSL
library error follows)

[Fri Oct 12 17:42:04 2007] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate =
returned



style=3D'font-size:10.0pt;font-family:"Verdana","sans-serif" ;
color:black'> 



This is happening =
only with
class 1 certificates, class 3 certificates are working fine. Earlier we =
were
using IBM HTTP Server & our clients were able to connect to our web
service. But since we have moved to Apache HTTP Server, they are facing =
this
issue.



style=3D'color:#17365D'> 



Is there any known =
fix for this?
kindly advice. You suggestions are real value for =
us.



style=3D'color:#17365D'> 



Note: All these =
clients are
either PHP / .NET clients. Java clients are able to use class 1 =
certificates successfully.



style=3D'color:#17365D'> 



style=3D'color:#17365D'>Thanks,



Abhijit Mohan =
Bhate



style=3D'color:#17365D'>+91-98-50-886360



 









------_=_NextPart_001_01CBA00B.0B8B3E39--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org