On Thu, 25 Oct 2007, Paul Heinlein wrote: > On Thu, 25 Oct 2007, Tom Diehl wrote: > >> Ok, So I changed the Makefile from localhost to match the actual hostname >> of the machine. I then ran "make testcert" as suggested above and answered >> the questions as appropriate. It then generated the cert without errors. I >> then modified ssl.conf to point to the .key file and the .crt file, >> restarted apache. >> >> Everything looked OK in the logs. I then pointed a browser at the machine >> and I got the following errors in the ssl error log: >> >> [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL: >> Write: SSLv3 read client certificate B >> [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: >> Exit: error in SSLv3 read client certificate B >> [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: >> Exit: error in SSLv3 read client certificate B > > Is SELinux enabled? Does your cert have the correct security context type > (probably httpd_config_t)? I set SELinux to permissive to be sure it was out of the way before I posted. In addition the context on the certs is root:object_r:cert_t which looks correct to me. Regards, -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com