Welcome to WebmasterWorld Guest from 18.104.22.168 , register , free tools , login , search , pro membership , help , library , announcements , recent posts , open posts Pubcon Platinum Sponsor 2014
SSL Client Authentication ssl client certificate authentication apache pesho318i msg:4662990 9:35 pm on Apr 14, 2014 (gmt 0) Hello everyone, I have been trying to set ssl client authentication with Apache and I am not sure what I am doing wrong... I basically have a server certificate issued by GeoTrust/RapidSSL. For the normal ssl authentication I use the following configuration (and it works fine):
SSLCertificateFile /etc/ssl/certs/my-domain.crt SSLCertificateChainFile /etc/ssl/certs/intermediate.crt SSLCertificateKeyFile /etc/ssl/private/private.pem For the client authentication I created client certificate using the my-domain.crt and private.pem to sign it. Here is the openssl command:
openssl ca -config openssl.cnf -days 360 -in client.csr -out client.crt -keyfile private.pem -cert my-domain.crt -policy policy_anything
I created a certificate chain file by pasting my-domain.crt and then intermediate.crt into one whole my-domain-full.pem file. And to the Apache configuration I added:
SSLVerifyDepth 10 SSLCACertificateFile /etc/ssl/certs/my-domain-full.pem I converted the client.crt into pkcs12 format and loaded it into the browser. Then I tried accessing my-domain and got the following error: Peer does not recognize and trust the CA that issued your certificate. (Error code: ssl_error_unknown_ca_alert) I hope you can see what I'm doing wrong... Thanks in advance for any hints!