You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Jai <ja...@gmail.com> on 2009/12/01 16:53:15 UTC

[users@httpd] Re-negotiation handshake failed: Not accepted by client!?

All,

 We are trying to configure apache to accept client certificate when
accessing the page from client side. Here is the configuration,

<VirtualHost ********:4406>
        RewriteEngine on
        RewriteOptions inherit
        ServerName ***************************
        JkMountFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties
        JkRequestLogFormat     "%w %V %T"
        SSLCertificateFile certs/services.crt
        Include conf/shared-ssl.conf
        <Location /Dummy>
                SSLCACertificatePath /apps/local/ssl_certificates/clients
                SSLVerifyClient require
        </Location>
</VirtualHost>

When we try to access the page we get page cannot be displayed message and
in the log files we get Re-negotiation handshake failed: Not accepted by
client!?
The certificate files inside  /apps/local/ssl_certificates/clients was
provided by client.

We are using Apache/2.0.63 , openssl-0.9.8h and Jboss 4.0.4.GA

Could someone throw some light on this issue?

Re: [users@httpd] Re-negotiation handshake failed: Not accepted by client!?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 01.12.09 09:53, Jai wrote:
>  We are trying to configure apache to accept client certificate when
> accessing the page from client side. Here is the configuration,

I wonder you bring this issue up two weeks after finding out that
SSL re-negotiation is unsecure and should not be used:

http://mail-archives.apache.org/mod_mbox/httpd-announce/200911.mbox/%3c20091107013220.31376.qmail@minotaur.apache.org%3e

> <VirtualHost ********:4406>
>         RewriteEngine on
>         RewriteOptions inherit
>         ServerName ***************************
>         JkMountFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties
>         JkRequestLogFormat     "%w %V %T"
>         SSLCertificateFile certs/services.crt
>         Include conf/shared-ssl.conf
>         <Location /Dummy>
>                 SSLCACertificatePath /apps/local/ssl_certificates/clients
>                 SSLVerifyClient require
>         </Location>
> </VirtualHost>

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org