Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Clientside SSL

Status
Not open for further replies.

zeveck

Programmer
Jun 6, 2005
142
US
Browser: Firefox 2.0
Server: Apache/2.0.54 (Ubuntu) PHP/5.0.5-2ubuntu1.6 mod_ssl/2.0.54 OpenSSL/0.9.7g Server at foo.bar.example.com Port 4443

The folder I am trying to access on the server is protected by a .htaccess containing:

SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /usr/local/foo/bar.crt

If I try to access said folder I get:
foo.bar.example.com has received an incorrect or unexpected message. Error Code: -12227

If I install a cert signed by bar.crt, I get:
Error establishing an encrypted connection to foo.bar.example.com. Error Code: -12195

I created the certificates by following the directions here:
I am lost as to what I am doing wrong at this point, and confused as to why Firefox provides such crappy error messages. =(
 
Yes, it is running on 4443. Would this cause a problem?
 
Is this something particular to client-side certs?

I can browse the rest of the site fine using:

I only have trouble with the folder requiring client-side certs. Since the whole site is SSL, I would assume that the browser/server are speaking SSL.

??
 
Okay. For the record, mbrooks comments about 443 are incorrect. SSL works fine on whatever port you specify.

It turned out that my problem was that CACertificateFile has to be specified per-server rather than per-directory. Sadly, specifying it in an .htaccess file doesn't result in any errors...but the directive appears to just be ignored. Judging from the comment in the mod_ssl src, it looks like this wasn't always the case... =/
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top