My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works.
Now I'm required to generate x509 client-side certificates to issue for this subdomain. I'm following along with this page (http://www.vanemery.com/Linux/Apache/apache-SSL.html), starting with "Creating Client Certificates for Authentication".
I've generated the p12 files and successfully imported them into Firefox. When I browse to the site now, I get an error in Firefox that says "The connection to the server was reset while the page was loading."
I think my problem is coming from not signing the client-side correctly. When I sign the client-side certificate, I'm using the PEM file (RapidSSL_CA_bundle.pem) from RapidSSL (who we bought the certificate from) for the -CA argument. For the -CAkey argument, I'm using the private key of the server. Is this correct?
Best Answer
Could be that you are using client certs with the wrong key usage. Please verify that your key usage has:
If you are using extended key usage, check for
On the server side, verify that you have all the CA certs that were used to sign the client cert and that the relevant PKI hierarchy is set up. In a typical Apache setup, this would look like:
Finally, you can try debugging with good old openssl
or curl
Good luck!
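An added example, not part of the original question or answer: client certificates are issued from a CA whose certificate and private key form a matching pair, which the vendor's CA bundle combined with the server's private key does not. The sketch below builds a throwaway private CA, issues one certificate for client authentication and one for server authentication only, and checks which of them passes OpenSSL's `sslclient` purpose test. The CA name, the subject names (`alice`, `web01`), the lifetimes and the `keyUsage`/`extendedKeyUsage` values are this example's assumptions, not values from the page.

```shell
#!/bin/sh
# Added example: private client CA with a matching -CA / -CAkey pair.
# All names, subjects and lifetimes below are constructed for illustration.
WORK=$(mktemp -d)

cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
[server_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF

# Self-signed CA; its private key is separate from the web server's key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
        -extensions ca_ext -subj "/CN=Example Client CA" -days 30 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# issue NAME EXT_SECTION [CA_KEY]: create key + CSR, then sign with the CA.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" \
        -CAkey "${3:-$WORK/ca.key}" -CAcreateserial -days 30 \
        -extfile "$WORK/pki.cnf" -extensions "$2" -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds only if the cert chains to the CA and is usable for TLS client auth.
valid_client_cert() {
    openssl verify -purpose sslclient -CAfile "$WORK/ca.pem" "$WORK/$1.pem" \
        2>/dev/null | grep -q ': OK'
}

make_ca
issue alice client_ext      # certificate intended for client authentication
issue web01 server_ext      # same CA, but serverAuth only
```

In this sketch `ca.pem` is the CA certificate the server side has to trust for client verification, and `ca.key` never needs to be on the web server.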