3

So far I've had HTTPS working for a long time, so I don't think there are any trouble with the server certificates. Now I tried to add this to lighttpd.conf:

ssl.engine                  = "enable"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
ssl.pemfile                 = "/etc/ssl/private/steinbitglis.domain.pem"
ssl.ca-file                 = "/etc/ssl/private/GandiStandardSSLCA.pem"
ssl.verifyclient.activate   = "enable"
ssl.verifyclient.enforce    = "enable"

The lighttpd error log says this:

(connections.c.299) SSL: 1 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate

Firefox claims the following:

ssl_error_handshake_failure_alert

My goal is to replace username+passphrase with browser certificates, but I've not even been able to request any certificate from the browser yet. If anyone knows a good source to learn all the details I need to play with this technology, that would be awesome.

This is a test I did from a remote machine.

$ openssl s_client -CAfile GandiStandardSSLCA.pem -showcerts -connect steinbitglis.domain:443
CONNECTED(00000003)
depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
verify return:1
depth=1 C = FR, O = GANDI SAS, CN = Gandi Standard SSL CA
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard SSL, CN = steinbitglis.domain
verify return:1
139713412519584:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40
139713412519584:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=Gandi Standard SSL/CN=steinbitglis.domain
   i:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
   i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/OU=Gandi Standard SSL/CN=steinbitglis.domain
issuer=/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
---
Acceptable client certificate CA names
/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
---
SSL handshake has read 2657 bytes and written 347 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Session-ID: CFD6D9A88B96888E9114F1EFF5DD23C83082D24F571B30105BA793FD06A1C311
    Session-ID-ctx: 
    Master-Key: 4106EE7BB7FF8DE9793431CFFD4175842D02C08AC055D315DBEF7B9BCAD3FF5032769A18775142BEA2AF9E80694A32B3
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1338161044
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
Steinbitglis
  • 183
  • 1
  • 8
  • Can you provide the output of `openssl s_client -showcerts -CApath /etc/ssl/certs -connect myserver:443`? – mgorven May 27 '12 at 21:11
  • It was too long to post as a comment, so I added it to the question. The three lines following "CONNECTED" came to stderr. – Steinbitglis May 27 '12 at 21:38
  • Editing the question is the correct thing to do when adding information. `No client certificate CA names sent`: this means that Lighttpd is not telling the client which CAs are valid for client certificates, which usually means that the client won't send a certificate. I can't seem to find the configuration to do this though... – mgorven May 27 '12 at 21:44

1 Answers1

3
No client certificate CA names sent

This means that Lighttpd is not telling the client which CAs are valid for client certificates. This usually means that the client will not send a client certificate (since it is not able to decide which certificate to use).

It isn't very clear, but #1288 implies that the ssl.ca-file directive is used to specify the trusted CAs for client authentication, and I would think that this would be used to send the list of acceptable CAs to the client. Make sure that your ca-file includes the CA which your client certificate is signed by.

mgorven
  • 30,615
  • 7
  • 79
  • 122
  • I added some info about that config. ssl.ca-file = "/etc/ssl/private/GandiStandardSSLCA.pem" – Steinbitglis May 27 '12 at 22:14
  • Ok, I think I got my own environment trouble out of the way. Now I have some more realistic output from `openssl` in my question. – Steinbitglis May 27 '12 at 22:44
  • Good, Lighttpd is sending acceptable CA names now. Is your client's certificate signed by `/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA`? If not, append the CA certificate for client certificates to the `ssl.ca-file`. – mgorven May 27 '12 at 23:05
  • Tried again with `-CAfile GandiStandardSSLCA.pem`. Update in my question. – Steinbitglis May 27 '12 at 23:28
  • @Steinbitglis I'm referring to the `ssl.ca-file` set in Lighttpd, not the `s_client` test. Is the CA which the client certificates are signed by included in the `ssl.ca-file` configured in Lighttpd? – mgorven May 28 '12 at 01:11
  • As far as I can tell, the client browser has no certificate to provide yet. I thought that the server should request this to be created? I'm guessing I have to selectively turn off `ssl.verifyclient.enforce = "enable"` to be able to make that request? If so, how would I do that? – Steinbitglis May 28 '12 at 22:52
  • I don't know of any mechanism where a webserver can request the client to generate a certificate (and I don't think you want this, since the whole point of this is to provide authentication). I think there may be a JavaScript API to generate certificates, but you'd still need to implement uploading and trusting the certificate. Your best path is to generate and sign the client certificates out of band. – mgorven May 28 '12 at 22:56
  • This video demonstrates what I thought I would be doing. Probably I'll have to find some source of info about this technique. I also want to do WebID, but first: certificates. http://vimeo.com/14798335 – Steinbitglis May 28 '12 at 23:13