From wilhelm.linder.rosen at init.se Thu Nov 8 15:39:45 2012
From: wilhelm.linder.rosen at init.se (Wilhelm Linder Rosen)
Date: Thu, 8 Nov 2012 16:39:45 +0100
Subject: [Mod_nss-list] Mod_nss + RSA Access Manager = "rawDN = "
Message-ID:

Hi!

Trying to set up mod_nss with RSA Access Manager, but when using debug on the AM-log, it shows that the "raw DN" is empty.
Would anyone happen to know how I after the client authentication pass the DN on?

All the best,
--
Wilhelm Linder Rosén
Consultant
Init AB
0733 - 404 804

From rcritten at redhat.com Thu Nov 8 16:14:40 2012
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 08 Nov 2012 11:14:40 -0500
Subject: [Mod_nss-list] Mod_nss + RSA Access Manager = "rawDN = "
In-Reply-To:
References:
Message-ID: <509BDA70.3030504@redhat.com>

Wilhelm Linder Rosen wrote:
> Hi!
>
> Trying to set up mod_nss with RSA Access Manager, but when using debug
> on the AM-log, it shows that the "raw DN" is empty.
> Would anyone happen to know how I after the client authentication pass
> the DN on?

Sorry, I don't know anything about RSA Access Manager. Is rawDN an environment variable that gets set? Where does this come from?

regards

rob

From wilhelm.linder.rosen at init.se Fri Nov 9 13:29:21 2012
From: wilhelm.linder.rosen at init.se (Wilhelm Linder Rosen)
Date: Fri, 9 Nov 2012 14:29:21 +0100
Subject: [Mod_nss-list] Client certificates with a keylength of 2048?
Message-ID:

Hi!

I'm having trouble with client certificates;
I have two CA:s, one (A) which issues client certificates with 1024 bit keylengths, and one (B) which issues client certificates with 2048 bits.
Now, entering a site with the A client cert is no problem. Entering the same site with the B client cert however, gets me a "The site could not be loaded".

The logs show me basically nothing; I get
"connection to child 1 established"
"connection to child 1 closed"
"connection to child 3 established"
"connection to child 3 closed"

Could anyone confirm if 2048 bit client certificates work?

All the best,
--
Wilhelm Linder Rosén
Consultant
Init AB
0733 - 404 804

From rcritten at redhat.com Fri Nov 9 14:29:12 2012
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 09 Nov 2012 09:29:12 -0500
Subject: [Mod_nss-list] Client certificates with a keylength of 2048?
In-Reply-To:
References:
Message-ID: <509D1338.2040403@redhat.com>

Wilhelm Linder Rosen wrote:
> Hi!
>
> I'm having trouble with client certificates;
> I have two CA:s, one (A) which issues client certificates with 1024
> bit keylengths, and one (B) which issues client certificates with 2048
> bits.
> Now, entering a site with the A client cert is no problem. Entering the
> same site with the B client cert however, gets me a "The site could not
> be loaded".
>
> The logs show me basically nothing; I get
> "connection to child 1 established"
> "connection to child 1 closed"
> "connection to child 3 established"
> "connection to child 3 closed"
>
> Could anyone confirm if 2048 bit client certificates work?

They should work fine. What is the HTTP response code with the 2048 key? You can check the access log.

You might try setting LogLevel debug in nss.conf and restarting httpd. You'll get additional details but since you aren't getting a server-side error message I'm not entirely sure how helpful it will be.

rob