Does it work when using IE to access the server?
What is the exact error?
Note that apache requires have the root (topmost) signing CA in its trusted CA list.
Also check the SSLVerifyDepth setting of apache/mod_ssl.
David Balažic
Software Engineer
www.comtrade.com
> -----Original Message-----
> From: Thomas Åkesson [mailto:thomas_at_akesson.cc]
> Sent: 8. November 2016 18:23
> To: users_at_tortoisesvn.tigris.org
> Subject: Re: SSL client certificate from Windows certificate store
>
> Hello again,
>
> Found that OpenSSL does read the Windows “MY” / Personal store.
> - ./ext/openssl/engines/e_capi.c
> - There is also e_capi.patch.
> - Hash of the complete acceptable CA list is stored in the registry key
> “HKEY_CURRENT_USER\Software\TortoiseSVN\CAPIAuthz”.
> - Found code that compares the certificate with STACK_OF(X509_NAME) which
> is likely the CA hint from the server.
>
>
> The code looks good, unable to find anything obvious.
>
> I have servers on both Apache 2.2 and 2.4. I also have certificates issued from
> the same CA but with different intermediates, different depth actually (2 vs 3).
>
> The only combination that does not work is the certificate with depth 3 against
> Apache 2.4 when the certificate is in the Windows certificate store. Using the
> same p12 file configured in servers file works fine against Apache 2.4.
>
> Kind of odd.
>
> /Thomas Å.
>
> ------------------------------------------------------
> http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageI
> d=3193130
>
> To unsubscribe from this discussion, e-mail: [users-
> unsubscribe_at_tortoisesvn.tigris.org].
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3193135
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2016-11-08 18:51:01 CET