You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jai <ja...@gmail.com> on 2009/12/01 16:53:15 UTC
[users@httpd] Re-negotiation handshake failed: Not accepted by client!?
All,
We are trying to configure apache to accept client certificate when
accessing the page from client side. Here is the configuration,
<VirtualHost ********:4406>
RewriteEngine on
RewriteOptions inherit
ServerName ***************************
JkMountFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties
JkRequestLogFormat "%w %V %T"
SSLCertificateFile certs/services.crt
Include conf/shared-ssl.conf
<Location /Dummy>
SSLCACertificatePath /apps/local/ssl_certificates/clients
SSLVerifyClient require
</Location>
</VirtualHost>
When we try to access the page we get page cannot be displayed message and
in the log files we get Re-negotiation handshake failed: Not accepted by
client!?
The certificate files inside /apps/local/ssl_certificates/clients was
provided by client.
We are using Apache/2.0.63 , openssl-0.9.8h and Jboss 4.0.4.GA
Could someone throw some light on this issue?
Re: [users@httpd] Re-negotiation handshake failed: Not accepted by
client!?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 01.12.09 09:53, Jai wrote:
> We are trying to configure apache to accept client certificate when
> accessing the page from client side. Here is the configuration,
I wonder you bring this issue up two weeks after finding out that
SSL re-negotiation is unsecure and should not be used:
http://mail-archives.apache.org/mod_mbox/httpd-announce/200911.mbox/%3c20091107013220.31376.qmail@minotaur.apache.org%3e
> <VirtualHost ********:4406>
> RewriteEngine on
> RewriteOptions inherit
> ServerName ***************************
> JkMountFile /apps/local/apache-ssl/conf/jkm_servicesit06.properties
> JkRequestLogFormat "%w %V %T"
> SSLCertificateFile certs/services.crt
> Include conf/shared-ssl.conf
> <Location /Dummy>
> SSLCACertificatePath /apps/local/ssl_certificates/clients
> SSLVerifyClient require
> </Location>
> </VirtualHost>
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org