You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eric Covener <co...@gmail.com> on 2010/08/05 15:54:34 UTC
Re: [users@httpd] strange behaviour: SSLCACertificatePath and
SSLCACertificateFile not giving the same result?
> only 3 certificates in chain?? Where are the fourth one?
Use wireshark and figure out which one's missing in the certificate
request, or what's different in the certificate response.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] strange behaviour: SSLCACertificatePath and
SSLCACertificateFile not giving the same result?
Posted by Luis Neves <lu...@hotmail.com>.
Ive tried to use "-cert lneves.pem" but the openssl command is asking for the key
Ive tried to extract the private key from IE but the option is greyed-out (key is not exportable), and I dont know how to get it from the smartcard itself.... Im stucked
Luis
> Date: Fri, 6 Aug 2010 14:16:47 +0200
> From: joost@sanguis.xs4all.nl
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] strange behaviour: SSLCACertificatePath and SSLCACertificateFile not giving the same result?
>
> On Fri, August 6, 2010 13:52, Luis Neves wrote:
> >
> > Im trying as suggested, But what should I look for? I see the SSLv3
> > traffic between server and client.
> >
> > The server send all the CA certificates, the client send all his
> > certificates as well, then a BAD certificate error is returned by the
> > server
>
> On the server, compare the output of:
>
> openssl s_client -connect server:443 -cert [clientcert.p12] -CAfile
> [bundledCAfile]
> openssl s_client -connect server:443 -cert [clientcert.p12] -CApath
> [PathtoCAfiles]
>
> Joost
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
RE: [users@httpd] strange behaviour: SSLCACertificatePath and
SSLCACertificateFile not giving the same result?
Posted by Joost de Heer <jo...@sanguis.xs4all.nl>.
On Fri, August 6, 2010 13:52, Luis Neves wrote:
>
> Im trying as suggested, But what should I look for? I see the SSLv3
> traffic between server and client.
>
> The server send all the CA certificates, the client send all his
> certificates as well, then a BAD certificate error is returned by the
> server
On the server, compare the output of:
openssl s_client -connect server:443 -cert [clientcert.p12] -CAfile
[bundledCAfile]
openssl s_client -connect server:443 -cert [clientcert.p12] -CApath
[PathtoCAfiles]
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] strange behaviour: SSLCACertificatePath and
SSLCACertificateFile not giving the same result?
Posted by Luis Neves <lu...@hotmail.com>.
Im trying as suggested, But what should I look for? I see the SSLv3 traffic between server and client.
The server send all the CA certificates, the client send all his certificates as well, then a BAD certificate error is returned by the server
Luis
> Date: Thu, 5 Aug 2010 09:54:34 -0400
> From: covener@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] strange behaviour: SSLCACertificatePath and SSLCACertificateFile not giving the same result?
>
> > only 3 certificates in chain?? Where are the fourth one?
>
> Use wireshark and figure out which one's missing in the certificate
> request, or what's different in the certificate response.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>