/ Zope / Apsis / Pound Mailing List / Archive / 2006 / 2006-02 / https certificate problem

[ << ] [ >> ]

[ Troubles with Copy-Button in Zope-ZMI / Peter ... ] [ https certificate error / "wsws" ... ]

https certificate problem
"wsws" <wsws(at)fjca.com.cn>		 2006-02-17 06:14:29 [ FULL ] 
Hi
 everyone.
 
 I have a problem with Pound for days,still not solved.

 I configure Pound to ask for client certiificae,
my pound configure file is below:

LogLevel 2 
 Alive 30
 ListenHTTPS  
   Address 192.168.11.8
   Port 443 
   xHTTP 0
   WebDAV 0
   Client 1
   Change30x 1 
   Cert "/ws/Pound-2.0.1/me.pem"
   CAlist "/ws/Pound-2.0.1/fjroot.pem"
   #VerifyList "/ws/Pound-2.0.1/fjca.pem" 
   ClientCert 2 2
   NoHTTPS11 2
   Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
   Service
   #   URL ".*"
      BackEnd
       Address 192.168.11.3
       Port  80
       Priority 1
     End
      Session
        Type IP
        TTL 300
      End
   End
End

when client -IE ,chose the certificate in certificate selection dialog,
we can now see this line in Pound logfile 

 BIO_do_handshake with 192.168.1.35 failed:
 error:140890B2:SSLroutines:SSL3_GET_CLIENT_CERTIFICATE:no certificate 
  returned

 where  ClientCert 2 2  change to Client 0 2 ,ask no certificate ,everything is
OK.

any suggestion ?
openssl is openssl 0.9.8a

 Thank!

                                                            WANG
                                                             2006.2.17
Attachments:  
text.html text/html 3388 Bytes
MailBoxer