https errors for when client authentication

Hi all,

I encountered the error when I configured the web server to require client authentication. Can anyone advise?

[01/Jun/2006:15:41:08] failure (17048): HTTP3068: Error receiving request from 10.60.20.126 (SSL_ERROR_NO_TRUSTED_LIBSSL_CLIENT_CA: the CA that signed the client certificate is not trusted locally)

Regards

Ken

By [keneio] at [2007-11-26 7:41:14]
# 1

Hi Ken,

This means that the type of certificate that you are using is not trusted, and therefore cannot be used. You have two options:

1) Use one of the supported types, e.g. Verisign

or

2) The upcoming release of WebServer 7.0 supports self-signed certificates, so perhaps you should try downloading a preview build and trying it out. You can get it here:

http://www.sun.com/download/products.xml?id=446518d5

Hope this helps

roho at 2007-7-6 19:47:47
# 2

The message "the CA that signed the client certificate is not trusted locally" means that the CA that signed the *client* certificate (i.e. the cert that 10.60.20.126 sent to the server, here) is not trusted locally (i.e. by the web server).

For SSL client auth the clients must have certs signed by some CA which is trusted by the web server. If the client has a cert issued by a known CA (like Verisign and others), those are trusted by default. I suspect here the client has a cert issued by some local CA. You need to import that CA's cert into the web server and mark it trusted.

jyri at 2007-7-6 19:47:48
# 3
Am I to assume from this that iPlanet 6.0 doesn't support self-signed certificates? I've just gotten the same error message about "not trusted locally" and I can't see any option to make a certificate locally trusted.

Regards,

Jim Lane
JimLane at 2007-7-6 19:47:48
# 4
There isn't anything special about self-signed certificates. The same requirements hold. In that case, the "CA which signed the cert" just happens to be the same one as the entity of the cert itself. So, that cert needs to be trusted as a CA.
jyri at 2007-7-6 19:47:48
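
The trust decision described in posts #2 and #4, as an added example that is not part of the original thread and is not the web server's own tooling. It assumes the openssl command line (the server in the thread keeps its own certificate database) and uses constructed throwaway certificates with hypothetical names to show the check before and after the signing CA, or the self-signed certificate itself, is added to the server's trust store.

```shell
#!/usr/bin/env bash
# Added example. All keys and certificates are throwaway, constructed in a temp dir.

# Create a self-signed certificate: $1 = file basename, $2 = subject CN.
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" >/dev/null 2>&1
}

# Issue a client certificate signed by the local CA: $1 = file basename and CN.
issue_from_local_ca() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$work/$1.csr" -days 1 -CAcreateserial \
    -CA "$work/localca.pem" -CAkey "$work/localca.key" \
    -out "$work/$1.pem" >/dev/null 2>&1
}

# The server-side decision: does the client cert chain to a CA in the trust store?
check_client() {   # $1 = trust store (PEM bundle), $2 = client certificate
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo "trusted"; else echo "not trusted locally"; fi
}

run_demo() {
  work=$(mktemp -d) || return 1
  self_signed publicca "Constructed Public CA"   # stands in for a default-trusted CA
  self_signed localca  "Constructed Local CA"    # the in-house CA
  self_signed selfclient "self-signed-client"    # client cert that is its own issuer
  issue_from_local_ca ca-issued-client
  store="$work/server-trust.pem"
  cat "$work/publicca.pem" > "$store"            # server starts with "public" CAs only

  echo "local-CA client, CA not imported: $(check_client "$store" "$work/ca-issued-client.pem")"
  cat "$work/localca.pem" >> "$store"            # import the local CA as trusted
  echo "local-CA client, CA imported:     $(check_client "$store" "$work/ca-issued-client.pem")"
  echo "self-signed client, not imported: $(check_client "$store" "$work/selfclient.pem")"
  cat "$work/selfclient.pem" >> "$store"         # trust the self-signed cert itself
  echo "self-signed client, imported:     $(check_client "$store" "$work/selfclient.pem")"
  rm -rf "$work"
}

run_demo
```

Only the public half (the `.pem` certificate) goes into the trust store; the private keys never leave the CA or the client.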
# 5
So what do I have to do to my self-signed certificate to get it to be "trusted as a CA"?
JimLane at 2007-7-6 19:47:48