Hi,
I’m trying to authenticate with an Apache web server using client
certificate authentication. Here is the code snippet:
http = Net::HTTP.new(appliance.hostname, Net::HTTP.https_default_port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
File.open("/tmp/controller.pem") do |cert_file|
  key_data = cert_file.read
  http.cert = OpenSSL::X509::Certificate.new(key_data)
  #http.key = OpenSSL::PKey::RSA.new(key_data, nil)
  logger.info key_data
end
req = Net::HTTP::Post.new('/policy/upload_and_apply')
req.set_form_data({
  'filename'=>@baseline.name,
  'baseline'=>@baseline.baseline,
  'description'=>@baseline.description}, ';')
result = http.start {|http| http.request(req)}
If I use the line http.key = I get an exception with the error:
Neither PUB key nor PRIV key:: nested asn1 error
Without it I get the error:
SSL_read:: ssl handshake failure
On the Apache side it shows this:
[Tue Nov 14 16:31:39 2006] [debug] ssl_engine_kernel.c(1745): OpenSSL: Write: SSLv3 read client certificate B
[Tue Nov 14 16:31:39 2006] [debug] ssl_engine_kernel.c(1764): OpenSSL: Exit: error in SSLv3 read client certificate B
[Tue Nov 14 16:31:39 2006] [error] Re-negotiation handshake failed: Not accepted by client!?
[Tue Nov 14 16:31:39 2006] [debug] ssl_engine_io.c(1483): [client 192.168.0.203] read from buffered SSL brigade, mode 0, 8192 bytes
[Tue Nov 14 16:31:39 2006] [debug] ssl_engine_io.c(1542): [client 192.168.0.203] buffered SSL brigade now exhausted; removing filter
(There’s lots more, this seems like the most pertinent bit).
The same certificate works fine when supplied in Firefox but not from
my Ruby code.
Any ideas?
Cheers,
John
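
Added example, not part of the original post: a pre-flight check that a PEM bundle holds both a certificate and a matching private key before Net::HTTP presents it, with server verification left on. It assumes the failure comes from /tmp/controller.pem lacking a usable, unencrypted private key (the post does not show the file); the helper names, the `ca_file` argument and the in-memory sample identity are constructed for illustration.

```ruby
require 'openssl'
require 'net/http'

CERT_RE = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
KEY_RE  = /-----BEGIN ((?:RSA |EC )?PRIVATE KEY)-----.*?-----END \1-----/m

# Extract certificate and (unencrypted) private key from one PEM bundle; either may be nil.
def load_client_identity(pem)
  cert_pem, key_pem = pem[CERT_RE], pem[KEY_RE]
  [cert_pem && OpenSSL::X509::Certificate.new(cert_pem),
   key_pem && OpenSSL::PKey.read(key_pem)]
end

# Name what is wrong with the bundle before any TLS handshake is attempted.
def check_identity(pem)
  cert, key = load_client_identity(pem)
  return :no_certificate unless cert
  return :no_private_key unless key
  cert.check_private_key(key) ? :ok : :key_mismatch
end

# Build a client that presents the identity and still verifies the server.
def client_for(host, pem, ca_file: nil)
  status = check_identity(pem)
  raise ArgumentError, "client identity unusable: #{status}" unless status == :ok
  http = Net::HTTP.new(host, Net::HTTP.https_default_port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file = ca_file if ca_file # hypothetical path to the CA that signed the server cert
  http.cert, http.key = load_client_identity(pem)
  http
end

# Constructed sample identity: self-signed certificate and RSA key generated in memory.
def sample_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

cert_pem, key_pem = sample_identity('controller')
puts check_identity(cert_pem)            # certificate only
puts check_identity(cert_pem + key_pem)  # certificate plus matching key
```

A browser's certificate store keeps the private key alongside the certificate, so a certificate that works in Firefox can still be exported to a PEM file that contains no key.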