Pripojeni pomoci certifikatu k Apache webserveru
Top : PublicInfoDeafultProfile : SystemovaSprava
| Article ID: |
 |
000180 |
| Rating: |
|
2.3 / 5.0 (3 votes)
|
| Views: |
|
15455 |
|
|
reseni klientskych problemu s pristupem k certifikatem zabezpecenemu prostredi
|
Resume:
nejdrive je treba overit ze server je z klientskeho PC dostupny, tj. ze lze navazat TCP spojeni klient - server viz. bod 0)
nasleduje kontrola platnosti certifikatu a vubec pritomnosti certifikatu v uzivatelove browseru, viz. bod 1) resp 2)
0) overeni dostupnosti serveru (telent / openssl)
$ telnet <zakaznik>.helpdesk.aplis.cz 443
$ openssl s_client -connect <zakaznik>.helpdesk.aplis.cz:443
CONNECTED(00000003)
depth=2 /C=cz/O=aplis/OU=Root CA/CN=aplis Root CA/emailAddress=ca@aplis.cz
verify error:num=19:self signed certificate in certificate chain
verify return:0
11111:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1060:SSL alert number 40
11111:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
1) Mozilla, Firefox
ke stazeni: http://www.mozilla.cz/stahnout/firefox/
a) zalozka Advanced/Encryption kliknout na "view certificates"
aa) pro import kliknout na import a vybrat soubor <jmeno>.p12 z Vaseho PC
ab) pro smazani oznacit kliknutim certifikat a vybrat delete
ac) pro zazalohovani certifikatu oznacit kliknutim certifikat, vybrat backup, zadat heslo (2x) zalohy certifikatu.
POZN: v zavislosti na nastavene politice brovseru resp. PC je treba pri praci s certifikaty uvadet "master password" tzn. hlavni heslo k ulozenym certifikatum a heslum brovseru.
++++++
chyba pri nepredlozeni klientskeho certifikatu browserem Firefox:
Secure Connection Failed
An error occurred during a connection to cerberus.aplis.cz.
SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)
* The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
=====================================
2) MSIE
treba doplnit, od verze k verzi se chova jinak, lze, nedoporucuje se pro reseni problemu.
=====================================
3) Opera
a) zalozka Advanced/Security kliknout na "manage certificates"
aa) pro import kliknout na import a vybrat soubor <jmeno>.p12 z Vaseho PC
ab) pro smazani oznacit kliknutim certifikat a vybrat delete
ac) pro zazalohovani certifikatu oznacit kliknutim certifikat, vybrat backup, zadat heslo (2x) zalohy certifikatu.
POZN: v zavislosti na nastavene politice brovseru resp. PC je treba pri praci s certifikaty uvadet "master password" tzn. hlavni heslo k ulozenym certifikatum a heslum brovseru.
++++++++++
chyba pri nepredlozeni klientskeho certifikatu browserem Opera:
Error!
Unable to complete secure transaction
You tried to access the address https://ucl.helpdesk.aplis.cz/, which is currently unavailable. Please make sure that the Web address (URL) is correctly spelled and punctuated, then try reloading the page.
Secure connection: fatal error (40) from server.
https://ucl.helpdesk.aplis.cz/
Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences.
Please note that some encryption methods are no longer supported, and that access will not be possible until the Web site has been upgraded to use strong encryption.
Make sure your Internet connection is active and check whether other applications that rely on the same connection are working.
|
