Description of problem: There is a error on mod_ssl module. Version-Release number of selected component (if applicable): 2.0.46.61.ent How reproducible: 1 Steps to Reproduce: 1.make a site running on 443 port with no certificate required with a link to the same host with a port 8443. The port 8443 should request the client certificate. 2.your server should accept certificates from a ca (on my case from a internal ca) 3.access the site (simple site is attached) Actual results: The browser say This page cannot be displied and the apache server logged No acceptable peer certificate available. the LogLevel of the webserver was set with debug. i put the ssl_error_log on attachment. Expected results: when click on link to url:port with certificate required, the server should requeste a certificate and browser should request to user choose the certified on list. when select the certificate and send it, the second site should be open on screen. Additional info: The error occurs only if the actual url is equal, changing only the port number. On tests, the site was url https://blabla.com.br (with no certificate required) and the link to https://blabla.com.br:8443 (with certificate required). ps: on screen with a error (This page cannot be displied) if you copy the url and past on other window browser the certificate is requested and you can access the site. The error seems ocurr only on IE (6 e 7 was tested), but with Firefox the application (on WebSphere) cannot receive data from certificate.
Created attachment 144015 [details] ssl.conf ssl_erro_log and test sites
Thanks for the report. To be clear, is Firefox working exactly as expected, the browser is supplying the requested certificate when connected to the :8443 vhost? There is a misconfiguration here though I'm not sure it it makes any difference. Inside the vhost blocks, the servernames: ServerName xxxxxxxxxxxxxxx.gov.br should have the ":port" appended (:443 and :8443 appropriately). There is no attempt to renegotiate logged which is odd. In the :8443 vhost, if you nest the SSLVerifyClient require SSLVerifyDepth 10 as: <Location /> SSLVerifyClient require SSLVerifyDepth 10 </Location> does that make a difference?
Hi Orton, thanks for help. Using your sugestion i solve the problem. I just add the port number on ServerName. (ServerName xxxxxxxxxxxxxxx.gov.br:443 and ServerName xxxxxxxxxxxxxxx.gov.br:8443) The bug can be closed. Kléber
Thanks for letting us know.