[Mod_nss-list] Client certificates with a keylength of 2048?
Rob Crittenden
rcritten at redhat.com
Fri Nov 9 14:29:12 UTC 2012
Wilhelm Linder Rosen wrote:
> Hi!
>
> I'm having trouble with client certificates;
> I have to two CA:s, one (A) which issues client certificates with 1024
> bit keylengths, and one (B) which issues client certificates with 2048
> bits.
> Now, entering a site with the A client cert is no problem. Entering the
> same site with the B client cert however, gets me a "The site could not
> be loaded".
>
> The logs show me basically nothing; I get
> "connection to child 1 established"
> "connection to child 1 closed"
> "connection to child 3 established"
> "connection to child 3 closed"
>
> Could anyone confirm if 2048 bit client certificates work?
They should work fine. What is the HTTP response code with the 2048 key?
You can check the access log.
You might try setting LogLevel debug in nss.conf and restarting httpd.
You'll get additional details but since you aren't getting a server-side
error message I'm not entirely sure how helpful it will be.
rob
More information about the Mod_nss-list
mailing list