Wanted to get some advice on setting up simple 2 way apache SSL.
We have created a key file and csr request using openSSL. We have then submitted it to a CA and received a crt file back with the CA's crt file.
We have configured the apache http.conf file and added the following params after loading the mod_ssl module.
SSLEngine on
# the CA root cert received with the cert
SSLCACertificateFile /local/fast/fcHome/deployment/apache01/conf/ssl.crt/ca.crt
# the crt file received from the CA for the server
SSLCertificateFile /local/fast/fcHome/deployment/apache01/conf/ssl.crt/server.crt
# the keyfile used to generate the csr
SSLCertificateKeyFile /local/fast/fcHome/deployment/apache01/conf/ssl.key/server.key
SSLVerifyClient require
SSLVerifyDepth 10
We then have a client who is also using a certificate signed by the same CA attempting to connect to the https service. The client is getting SSL handshake errors when connecting.
The apache error logs show the following:
ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client certificate B
ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate B
SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?
I can't seem to figure out why this is. Is it possible that even though the client certificate is signed by Verisign it is not matched to the server's CA.crt file?
Any help would be greatly appreciated
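
To check whether a client certificate chains to the file named in SSLCACertificateFile, the script below (an added example, not part of the original post) verifies a certificate against a single CA file with `openssl verify` and prints its issuer. The two throwaway CAs, the subject names and the temp directory are constructed for the demo, and `-no-CApath` assumes OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example. CA names, subjects and the temp directory are constructed.

# make_ca DIR NAME: create a throwaway self-signed CA (NAME.key, NAME.crt).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_client DIR CA NAME: issue NAME.crt signed by the CA created above.
make_client() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chains_to CERT CAFILE: succeed only if CERT verifies against CAFILE alone.
# -no-CApath (OpenSSL 1.1.0+) keeps the system trust directory out of the
# result, since mod_ssl trusts only the CAs it was configured with.
chains_to() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# issuer_of CERT: print the issuer DN, to compare with the subjects in the CA file.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# Demo: a client cert issued by ca-a is checked against ca-a and against ca-b.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ca-a && make_ca "$d" ca-b && make_client "$d" ca-a client || return 1
    issuer_of "$d/client.crt"
    for ca in ca-a ca-b; do
        if chains_to "$d/client.crt" "$d/$ca.crt"; then
            echo "client.crt chains to $ca.crt"
        else
            echo "client.crt does NOT chain to $ca.crt"
        fi
    done
    rm -rf "$d"
}
demo
```

On a real setup, `chains_to` and `issuer_of` would be run on the client's certificate and the server's ca.crt; a client certificate issued by an intermediate that is missing from ca.crt fails the check even when both chains end at the same root.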