Client certificate authentication not working

Issue #714 new
Bryan Harris created an issue

I have followed directions in monit man page but client certificate authentication as yet does not work. I will give relevant information here.

  1. Run monit -Iv
  2. Browse to the site (Chrome)
  3. Browser asks for cert, I select one that I configured
  4. Errors generated

Output from monit -Iv

SSL: read error -- error:140350E5:SSL routines:ACCEPT_SR_CERT:ssl handshake failure
SSL: write error -- error:140350E5:SSL routines:ACCEPT_SR_CERT:ssl handshake failure
HttpRequest: error -- client [XX.XX.XX.XX]: HTTP/1.0 400 No request found
SSL: cannot get application dataSSL client certificate verification error: error number 1

How I configured Monit.

set httpd port 443 and
    allow localhost
    allow XX.XX.XX.XX
    allow admin:password-here
    with ssl {
        pemfile: /etc/ssl/full-sally.pem
        clientpemfile: /etc/ssl/client-sally.pem
    }

Contents of full-sally.pem file:

-----BEGIN PRIVATE KEY-----
... stuff here ...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... stuff here ...
-----END CERTIFICATE-----

Contents of client-sally.pem. Over 100 CA certs in this file.

-----BEGIN CERTIFICATE-----
... stuff here (this is my cert) ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... stuff here (this is the CA cert) ...
-----END CERTIFICATE-----
^-- more than x100 times

Can this be a bug in the code? I am following directions in monit man page exactly.

This is Monit version 5.23.0
Built with ssl, with ipv6, with compression, without pam and with large files
Copyright (C) 2001-2017 Tildeslash Ltd. All Rights Reserved.
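
The report describes a clientpemfile holding the client certificate plus over 100 CA certificates. A structural check of such a bundle, as an added example (not from the report and not Monit's code): it counts certificates, flags damaged or duplicate entries and non-certificate blocks, and tests whether a given client certificate is present byte for byte. Function names and sample data are constructed for illustration; it does not validate chains or reproduce Monit's own verification.

```python
import base64
import binascii
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, der_bytes_or_None) for every PEM block found in text."""
    out = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True) or None
        except (binascii.Error, ValueError):
            der = None  # empty or non-base64 body: a damaged or unterminated entry
        out.append((label, der))
    return out

def audit_bundle(bundle_text, client_cert_text):
    """Summarise a certificate bundle and look for one client certificate in it."""
    blocks = pem_blocks(bundle_text)
    certs = [d for l, d in blocks if l == "CERTIFICATE" and d]
    prints = [hashlib.sha256(d).hexdigest() for d in certs]
    wanted = [d for l, d in pem_blocks(client_cert_text) if l == "CERTIFICATE" and d]
    return {
        "certificates": len(certs),
        "damaged": sum(1 for _, d in blocks if d is None),
        "duplicates": len(prints) - len(set(prints)),
        "other_labels": sorted({l for l, _ in blocks if l != "CERTIFICATE"}),
        "client_present": bool(wanted) and hashlib.sha256(wanted[0]).hexdigest() in prints,
    }

def make_pem(label, raw):
    """Build a constructed PEM block from placeholder bytes (sample data only)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample: placeholder bytes stand in for DER; these are not real certificates.
CLIENT = make_pem("CERTIFICATE", b"constructed-client-cert")
BUNDLE = (CLIENT + make_pem("CERTIFICATE", b"constructed-ca-1")
          + make_pem("CERTIFICATE", b"constructed-ca-1")   # duplicate entry
          + "-----BEGIN CERTIFICATE-----\nnot*base64\n-----END CERTIFICATE-----\n"
          + make_pem("PRIVATE KEY", b"constructed-key"))   # key material in a cert bundle

if __name__ == "__main__":
    print(audit_bundle(BUNDLE, CLIENT))
```

To run it against real files, pass the contents of the bundle and of the certificate selected in the browser (exported as PEM) to `audit_bundle`.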
