Apache Client Certificate Authentication errors: Certificate Verification: Error (18): self signed certificate

Posted by decoy on Server Fault
Published on 2011-12-20T20:57:19Z Indexed on 2012/11/21 23:01 UTC

So I have been following instructions on setting up Client Certificate Authentication in Apache2 w/ mod_ssl. This is solely for the purpose of testing an application against CAA, not for any sort of production use.

So far I've followed http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html for advice on generating my CA, server, and client encryption information. I've put all three of them into /etc/ssl/ca/private. I've set up the following additional directives in my default_ssl site file:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
...
    SSLEngine on
    SSLCertificateFile    /etc/ssl/ca/private/server.crt
    SSLCertificateKeyFile /etc/ssl/ca/private/server.key
    SSLVerifyClient require
    SSLVerifyDepth 2

    SSLCACertificatePath /etc/ssl/ca/private
    SSLCACertificateFile /etc/ssl/ca/private/ca.crt
    <Location />
            SSLRequireSSL
            SSLVerifyClient require
            SSLVerifyDepth 2
    </Location>
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
    </Directory>
...
</VirtualHost>
</IfModule>

I've installed the p12 file into Chrome, but when I go to visit https://localhost, I get the following errors:

Chrome: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Apache: Certificate Verification: Error (18): self signed certificate

If I had to guess, one of my directives is not set up right to load and verify the p12 w/ my self-created CA. But I can't for the life of me figure out what it is. Would anyone have more experience here who could point me in the right direction?
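OpenSSL reports verify error 18 (X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) when the certificate presented at depth 0 is itself self-signed and is not in the trusted set. The script below is an added example, not part of the original post: it builds a constructed CA and two `.p12` bundles (every name, password and path is made up for the demo), extracts the leaf certificate each bundle would present, and runs the same chain check offline with `openssl verify`.

```bash
# Added example; all names, DNs, passwords and file names are constructed.

# Build a throwaway CA plus two .p12 bundles in directory $1:
# good.p12 holds a CA-signed client cert, bad.p12 a self-signed one.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/signed.crt" 2>/dev/null
  # Same key and subject, but signed by itself rather than by the CA.
  openssl req -x509 -new -key "$d/client.key" -days 1 -subj "/CN=demo-client" \
    -out "$d/selfsigned.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/signed.crt" \
    -out "$d/good.p12" -passout pass:demo
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/selfsigned.crt" \
    -out "$d/bad.p12" -passout pass:demo
}

# Extract the client (leaf) certificate a browser would present from a .p12.
p12_leaf() {   # usage: p12_leaf FILE.p12 PASSWORD OUT.crt
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
    openssl x509 -out "$3"
}

# Verify a leaf against the CA file, as a server does with the CA it trusts.
# Prints one of: ok | self-signed-leaf | other-failure
check_client_cert() {   # usage: check_client_cert CA.crt LEAF.crt
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  case $out in
    *"error 18 at 0 depth"*) echo self-signed-leaf ;;
    *": OK") echo ok ;;
    *) echo other-failure ;;
  esac
}

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  for b in good bad; do
    p12_leaf "$d/$b.p12" demo "$d/$b-leaf.crt"
    echo "$b.p12: $(check_client_cert "$d/ca.crt" "$d/$b-leaf.crt")"
  done
  rm -rf "$d"
}
demo
```

Running `p12_leaf` and `check_client_cert` against a real bundle and the file named in `SSLCACertificateFile` shows whether the certificate in the `.p12` chains to that CA before a browser is involved.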
