I have same issue Could you help me The link you sent it doesn’t open with me
On 2003/11/10 14:26:51 kko wrote: > On Mon, 2003-11-10 at 08:58, Ivan Venuti wrote: > > Hi, > > > > I'm using Apache + mod_ssl. > > In order to retrieve a user certificate (from a smart card) I've these files > > in the server: > > > > 1) server_webtest.p12 > > Why did you create a p12 for your server? This format is typically used > by your client (i.e browser) > > > 2) ca.cer (DER format) > > I assume this is the file containing CA certs, right? > > > > > after I have trasformed them with openssl: > > > > $ openssl pkcs12 -in server_webtest.p12 -out hostkey.pem -nodes -nocerts > > $ openssl pkcs12 -in server_webtest.p12 -out hostcert.pem -nodes -nokeys > > See below... > > > > > and > > > > $ openssl x509 -inform DER -in ca.cer -outform PEM -out ca.crt > > > > I have modified the conf/httpd.conf file with: > > > > SSLCertificateFile /home/caribel/certs/hostcert.pem > > SSLCertificateKeyFile /home/caribel/certs/hostkey.pem > > SSLCACertificateFile /home/caribel/certs/ca.crt > > SSLVerifyClient require > > > > the error (from logs/error_log): > > > > [Mon Nov 10 11:22:22 2003] [alert] httpd: Could not determine the server's > > fully qualified domain name, using 127.0.0.1 for ServerName > > What's the value of your ServerName Directive in httpd.conf? > > > [Mon Nov 10 11:22:22 2003] [notice] Apache/1.3.28 (Unix) mod_jk/1.2.5 > > mod_ssl/2.8.15 OpenSSL/0.9.7c configured -- resuming normal operations > > [Mon Nov 10 11:22:22 2003] [notice] Accept mutex: sysvsem (Default: sysvsem) > > [Mon Nov 10 11:22:36 2003] [error] mod_ssl: Certificate Verification: Error > > (19): self signed certificate in certificate chain > > [Mon Nov 10 11:22:36 2003] [error] mod_ssl: SSL handshake failed (server > > linux135:443, client 192.168.1.71) (OpenSSL library error follows) > > [Mon Nov 10 11:22:36 2003] [error] OpenSSL: error:140890B2:SSL > > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > > [Mon Nov 10 11:22:39 2003] [error] mod_ssl: Certificate Verification: Error > > (19): self signed certificate in certificate chain > > [Mon Nov 10 11:22:39 2003] [error] mod_ssl: SSL handshake failed (server > > linux135:443, client 192.168.1.71) (OpenSSL library error follows) > > [Mon Nov 10 11:22:39 2003] [error] OpenSSL: error:140890B2:SSL > > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > > [Mon Nov 10 11:22:43 2003] [error] mod_ssl: Certificate Verification: Error > > (19): self signed certificate in certificate chain > > [Mon Nov 10 11:22:43 2003] [error] mod_ssl: SSL handshake failed (server > > linux135:443, client 192.168.1.71) (OpenSSL library error follows) > > [Mon Nov 10 11:22:43 2003] [error] OpenSSL: error:140890B2:SSL > > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > > > > Why didn't you create your csr/crt/pem directly and sign them? > > Take a look at this > http://www.karkomaonline.com/article.php?story=20030713003329816 > > Hope this helps > > -- > kko <[email protected]> > karkomaonline > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [email protected] > " from the digest: [email protected] > For additional commands, e-mail: [email protected] > > Sent from my iPhone
