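I am using a valid certificate, but I cannot get the client certificate. The lighttpd service fails with the error:
(connections-glue.c.200) SSL: 1 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
My configuration looks like this: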
$SERVER["socket"] == ":443" {
    protocol = "https://"
    ssl.engine = "enable"
    ssl.disable-client-renegotiation = "enable"
    #server.name = "mywebsite.com"
    ssl.pemfile = "/etc/lighttpd/ssl/mywebsite.com.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/mywebsite.com.csr"
    ssl.ec-curve = "secp384r1"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
    # HSTS (15768000 seconds = 6 months)
    #setenv.add-response-header = (
    #    "Strict-Transport-Security" => "max-age=15768000;"
    #)
    # ask for client cert
    ssl.verifyclient.exportcert = "enable"
    ssl.verifyclient.activate = "enable"
    ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
    ssl.verifyclient.enforce = "enable"
    ssl.verifyclient.depth = 3
}
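ssl.ca-file reads the content; you can use any file type here, even .txt. As long as the content is a certificate or a certificate chain, the extension does not matter to lighttpd.
When you enable ssl.verifyclient.activate, lighttpd will request a certificate issued under the root CA certificates inside the ca-file.
Suppose I want to use third-party certificates, for example from ICP-Brazil, which is the root of all personal certificates. Such a certificate is signed by this entity, certifying that you really are you, and it is legally valid in court. ICP-Brazil now has 5 versions of its root certificate, so if the system should support older certificates (which may be valid for 6 years), that means you need to add multiple certificates to ssl.ca-file, as described here: https://schnouki.net/posts/2014/08/12/lighttpd-and-ssl-client-certificates/
About the error:
(connections.c.305) SSL: 1 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
This happens for a few reasons:
So I came to the conclusion that this is not really an error that needs to be corrected, but rather a limitation of the SSL handshake technique.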
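The answer above says that lighttpd looks only at the content of ssl.ca-file, not at its extension, and that the file may hold several root certificates. The following is an added example, not code from the original post or from lighttpd: it inspects the text of a ca-file, counts the PEM certificate blocks and flags anything else, such as a certificate request. The function names and the sample blobs are constructed for illustration, and the check is structural only, not X.509 validation.

```python
import base64
import re

# One PEM block: captures the label and the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose encoded length spans the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def audit_ca_file(text: str) -> dict:
    """Classify every PEM block found in the text of a ca-file (structure only)."""
    report = {"certificates": 0, "problems": []}
    for index, match in enumerate(PEM_BLOCK.finditer(text), start=1):
        label, body = match.group(1), match.group(2)
        if label != "CERTIFICATE":
            report["problems"].append(f"block {index}: {label} is not a certificate")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                # binascii.Error is a ValueError
            report["problems"].append(f"block {index}: invalid base64")
            continue
        if der_length_ok(der):
            report["certificates"] += 1
        else:
            report["problems"].append(f"block {index}: not a complete DER SEQUENCE")
    if report["certificates"] == 0:
        report["problems"].append("no usable CA certificate in file")
    return report

def pem(label: str, der: bytes) -> str:
    """Wrap raw bytes in PEM armor (helper for the constructed samples)."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample blobs: placeholders with a DER SEQUENCE header, not real certificates.
FAKE_DER = b"\x30\x04\x02\x02\x01\x00"
BUNDLE = pem("CERTIFICATE", FAKE_DER) + pem("CERTIFICATE", FAKE_DER)
CSR_ONLY = pem("CERTIFICATE REQUEST", FAKE_DER)
```

To check a real file, pass its text: `audit_ca_file(open(path).read())`, where `path` is whatever ssl.ca-file points to.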