我正在尝试实施基于证书的身份验证,并且在SSL / TLS握手期间遇到错误。我试图使用openssl s_client -state -debug -connect example.si:443
来调试它,但我老实说它不够精通,无法解释输出:
据我所知,证书链已经过正确验证(我已经检查了here),而且我的httpd.conf
文件中似乎没有出现任何错误,在Apache 2.2服务器上设置VirtualHost时:
<VirtualHost *:443>
DocumentRoot D:/www/authentication
ServerName lpt.uni-mb.si
ServerAlias lpt.uni-mb.si
SSLEngine on
SSLCertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\22_lpt.uni-mb.si.crt"
SSLCACertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\root.crt"
SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\server.key"
SSLCertificateChainFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\11_Intermediate.crt"
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
<Directory "D:/www/authentication">
Options Indexes Includes
AllowOverride All
Order Deny,Allow
Allow from all
Options +FollowSymlinks
</Directory>
</VirtualHost>
考虑到非常短的写操作,可能是客户端密钥交换存在一些问题吗?
答案 0 :(得分:0)
据我从您的pastebin链接中看到,您发出了:
openssl s_client -state -debug
-CAfile "C:\Program Files (x86)\Apache Software Foundation\Apache 2.2\conf\ssl\root.crt"
-connect lpt.uni-mb.si:443
但您没有提供客户端证书。尝试使用证书/密钥文件添加openssl&#39; -cert
和-key
参数。