OpenSSL handshake error

Hello all,

I developed a web site in CGI/Perl on a SuSE Linux box on our internal network. Its purpose is to gather/edit information for an employee's possession of company assets (laptops, cell phones, etc).

Background: I used OpenSSL/Apache to use SSL server/client certificates to automatically determine who is viewing the site. Every employee is required to run the Secude PSE tool on their workstation; we call it SSO: Single sign-on because it's used for other applications, too. When logged into the PSE tool, it automatically puts a client certificate into the browser. My server has a matching server certificate from the same CA. When the certs match, I can get the employee's ID out of the client cert key. I have a database that converts employee ID to real name, email address, etc.

The problem I'm having is that only some people experience a "Page cannot be displayed" error, which is traced back to my error_log with many entries like:

[Tue Apr 20 13:25:19 2004] [error] mod_ssl: SSL handshake failed (server csphl009.phl.sap.corp:443, client 147.204.44.125) (OpenSSL library error follows)
[Tue Apr 20 13:25:19 2004] [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)

My guess is that the client cert somehow doesn't match the server cert, but how can I tell this for sure? This error message doesn't tell me much.

Any ideas would be appreciated. Thanks.
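An added example, not part of the original post: the eight hex digits in the `OpenSSL: error:` line are a packed code (8 bits library, 12 bits function, 12 bits reason in OpenSSL releases before 3.0), which is why 140890C7 also appears as lib(20):func(137):reason(199). The sketch below decodes it and counts failures per client; the log sample is constructed with placeholder host and addresses, and the three name tables hold only the entries for this one code, taken from the OpenSSL 0.9.x/1.0.x headers.

```python
import re
from collections import Counter

# Constructed sample in the mod_ssl error_log format quoted in the post
# (server name and client addresses are placeholders).
SAMPLE_LOG = """\
[Tue Apr 20 13:25:19 2004] [error] mod_ssl: SSL handshake failed (server www.example.internal:443, client 192.0.2.10) (OpenSSL library error follows)
[Tue Apr 20 13:25:19 2004] [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
[Tue Apr 20 13:26:02 2004] [error] mod_ssl: SSL handshake failed (server www.example.internal:443, client 192.0.2.11) (OpenSSL library error follows)
[Tue Apr 20 13:26:02 2004] [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
[Tue Apr 20 13:27:40 2004] [error] mod_ssl: SSL handshake failed (server www.example.internal:443, client 192.0.2.10) (OpenSSL library error follows)
[Tue Apr 20 13:27:40 2004] [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
"""

# Assumption: only the names needed for the code in the post are listed;
# any other code is reported numerically.
LIBS = {20: "SSL routines"}
FUNCS = {(20, 137): "SSL3_GET_CLIENT_CERTIFICATE"}
REASONS = {(20, 199): "peer did not return a certificate"}

FAIL_RE = re.compile(r"mod_ssl: SSL handshake failed \(server \S+, client ([^)\s]+)\)")
ERR_RE = re.compile(r"OpenSSL: error:([0-9A-Fa-f]{8}):")

def decode(code_hex):
    """Split a packed pre-3.0 OpenSSL error code: 8 bits lib, 12 func, 12 reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    return (lib, func, reason,
            LIBS.get(lib, "lib(%d)" % lib),
            FUNCS.get((lib, func), "func(%d)" % func),
            REASONS.get((lib, reason), "reason(%d)" % reason))

def summarize(log_text):
    """Count (client, decoded reason) pairs; each OpenSSL line follows its mod_ssl line."""
    counts, client = Counter(), None
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            client = m.group(1)  # remember the client until its error line arrives
            continue
        m = ERR_RE.search(line)
        if m and client is not None:
            counts[(client, decode(m.group(1))[5])] += 1
            client = None
    return counts

if __name__ == "__main__":
    for (client, reason), n in sorted(summarize(SAMPLE_LOG).items()):
        print("%-15s %3d  %s" % (client, n, reason))
```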

 

 

 

 
