Client Authentication

------_=_NextPart_001_01C5391D.D819527A
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


I am working on an SSL interface with smart cards with on board
certificates.

I have enabled client authentication in apache through the following
lines:

SSLVerifyClient require
SSLVerifyDepth 1
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

And, the server definitely requests the client certificate, but I get
the following errors:

[Sun Apr 03 04:02:04 2005] [warn] Init: Oops, you want to request client
authentication, but no CAs are known for verification!? [Hint:
SSLCACertificate*]
[Sun Apr 03 04:02:04 2005] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Mon Apr 04 09:07:04 2005] [error] Certificate Verification: Error (20):
unable to get local issuer certificate

The second error is obviously because I have a test certificate on my
server.

Following these errors, the system hangs...stays indefinitely in waiting
state, or goes to 'page cannot be found'

Any help is appreciated.

Thanks.

Nadeem

------_=_NextPart_001_01C5391D.D819527A
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1458" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial size=3D2>I am =
working on an
SSL interface with smart cards with on board certificates. =
</FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial size=3D2>I have =
enabled
client authentication in apache through the following lines:
</FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial =
size=3D2>SSLVerifyClient
require<BR>SSLVerifyDepth 1<BR>SSLCertificateFile
/etc/httpd/conf/ssl.crt/server.crt<BR>SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server.key<BR></FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial size=3D2>And, =
the server
definitely requests the client certificate, but I get the following
errors:</FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial size=3D2>[Sun =
Apr 03 04:02:04
2005] [warn] Init: Oops, you want to request client authentication, but =
no CAs
are known for verification!?  [Hint: SSLCACertificate*]<BR>[Sun Apr =
03
04:02:04 2005] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?<BR>[Mon Apr 04 =
09:07:04
2005] [error] Certificate Verification: Error (20): unable to get local =
issuer
certificate<BR></FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial size=3D2>The =
second error is
obviously because I have a test certificate on my =
server.</DIV></FONT></SPAN>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2> </DIV></FONT></SPAN>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial =
size=3D2>Following these
errors, the system hangs...stays indefinitely in waiting state, or goes =
to 'page
cannot be found'</FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial size=3D2>Any =
help is
appreciated. </FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial =
size=3D2>Thanks.
</FONT></SPAN></DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D708523913-04042005><FONT face=3DArial
size=3D2>Nadeem</DIV></FONT></SPAN></BODY></HTML>

------_=_NextPart_001_01C5391D.D819527A--