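SSL/TLS handshake error after client key exchange

Time: 2016-05-19 12:03:17

Tags: apache ssl client-certificates handshake

I am trying to implement certificate-based authentication and am running into an error during the SSL/TLS handshake. I tried to debug it using openssl s_client -state -debug -connect example.si:443, but I am honestly not proficient enough with it to interpret the output: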

http://pastebin.com/7BiJXeAY

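As far as I can tell, the certificate chain has been verified correctly (I have checked it here), and there do not seem to be any errors in my httpd.conf file, where the VirtualHost is set up on an Apache 2.2 server: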

<VirtualHost *:443>
   DocumentRoot D:/www/authentication
   ServerName lpt.uni-mb.si
   ServerAlias lpt.uni-mb.si
   SSLEngine on
   SSLCertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\22_lpt.uni-mb.si.crt"
   SSLCACertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\root.crt"
   SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\server.key"
   SSLCertificateChainFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ssl\11_Intermediate.crt"
   SSLProtocol all -SSLv2 -SSLv3
   SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
   SSLVerifyClient require
   SSLVerifyDepth  10
   SSLOptions +StdEnvVars +ExportCertData
   <Directory "D:/www/authentication">
       Options Indexes Includes
       AllowOverride All
       Order Deny,Allow
       Allow from all
       Options +FollowSymlinks
   </Directory>
</VirtualHost>

Given the very short write, could there be some problem with the client key exchange?

1 answer:

Answer 0: (score: 0)

As far as I can see from your pastebin link, you issued:

openssl s_client -state -debug
    -CAfile "C:\Program Files (x86)\Apache Software Foundation\Apache 2.2\conf\ssl\root.crt"
    -connect lpt.uni-mb.si:443

But you did not supply a client certificate. Try adding openssl's -cert and -key parameters with your certificate/key files.
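An added example, not part of the original question or answer: a pre-flight check for the files handed to -cert and -key, confirming that the key belongs to the certificate and that the certificate verifies against the CA file the server names in SSLCACertificateFile. It assumes the openssl command-line tool is on the PATH; the function names and the throwaway test CA and client certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example; every file name and function name here is constructed.

# Create a throwaway CA and a client certificate signed by it in directory $1.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=test-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/client.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/client.crt" 2>/dev/null
}

# Succeeds when private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when certificate $2 verifies against CA file $1. For a real server
# this is the file named in SSLCACertificateFile (root.crt in the question).
cert_trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# usage: preflight CA_FILE CLIENT_CERT CLIENT_KEY HOST:PORT
# Prints the s_client command to run only when both checks pass.
preflight() {
    key_matches_cert "$2" "$3" ||
        { echo "key $3 does not match certificate $2" >&2; return 1; }
    cert_trusted_by "$1" "$2" ||
        { echo "certificate $2 does not verify against $1" >&2; return 1; }
    echo "openssl s_client -state -cert $2 -key $3 -connect $4"
}

# Demo on constructed files; example.si:443 is the placeholder host from the question.
demo=$(mktemp -d)
make_test_pki "$demo" &&
    preflight "$demo/ca.crt" "$demo/client.crt" "$demo/client.key" example.si:443
rm -rf "$demo"
```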