homepage Welcome to WebmasterWorld Guest from 54.211.95.201
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
SSL Client Authentication
ssl client certificate authentication apache
pesho318i




msg:4662990
 9:35 pm on Apr 14, 2014 (gmt 0)

Hello everyone,

I have been trying to set ssl client authentication with Apache and I am not sure what I am doing wrong...

I basically have a server certificate issued by GeoTrust/RapidSSL. For the normal ssl authentication I use the following configuration (and it works fine):

SSLEngine on
SSLCertificateFile /etc/ssl/certs/my-domain.crt
SSLCertificateChainFile /etc/ssl/certs/intermediate.crt
SSLCertificateKeyFile /etc/ssl/private/private.pem


For the client authentication I created client certificate using the my-domain.crt and private.pem to sign it. Here is the openssl command:

openssl ca -config openssl.cnf -days 360 -in client.csr -out client.crt -keyfile private.pem -cert my-domain.crt -policy policy_anything

I created a certificate chain file by pasting my-domain.crt and then intermediate.crt into one whole my-domain-full.pem file.
And to the Apache configuration I added:

SSLVerifyClient optional
SSLVerifyDepth 10
SSLCACertificateFile /etc/ssl/certs/my-domain-full.pem


I converted the client.crt into pkcs12 format and loaded it into the browser. Then I tried accessing my-domain and got the following error:
Peer does not recognize and trust the CA that issued your certificate. (Error code: ssl_error_unknown_ca_alert)

I hope you can see what I'm doing wrong... Thanks in advance for any hints!

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved