[Modules] [error] GnuTLS: Hanshake Alert (48) 'CA is unknown'.
uranus at tinlans.org
Thu Sep 18 13:30:32 EDT 2008
Here is my environment:
mod_ssl/2.2.9 (bundled with apache2 in FreeBSD's package/ports system)
OpenSSL/0.9.8e (OS bundled library)
mod_gnutls-0.4.3 (0.5.2 is also tested)
There are 7 name-based SSL virtual hosts configured in my web server.
The following 2 lines are appeared in the error log of my default SSL site when every one is accessing any SSL sites:
[error] GnuTLS: Hanshake Alert (48) 'CA is unknown'.
[error] [client 18.104.22.168] GnuTLS: Handshake Failed (-12) 'A TLS fatal alert has been received.'
There IP address appeared in the log file of default site is always the same as my web server.
That is, it's always 22.214.171.124.
The settings of my virtual hosts are always following the examples in README file of each version.
When I using mod_gnutls-0.4.3, the settings look like:
GnuTLSClientCAFile <path of ca cert>
GnuTLSCertificateFile <path of server's cert>
GnuTLSKeyFile <path of server's private key>
And when I using mod_gnutls-0.5.2, the settings look like:
GnuTLSX509CAFile <path of ca cert>
GnuTLSX509CertificateFile <path of server's cert>
GnuTLSX509KeyFile <path of server's private key>
Both of the two versions & settings are produced the same errors.
To remove GnuTLSX509CAFile or GnuTLSClientCAFile still doesn't help anything.
In addition, the CA's cert is self-signed.
All of my certs are worked fine in apache2+SSL, postfix+TLS, qpopper+SSL, and other services.
My browsers are IE7 and Firefox 3 (all of them are run on Windows Vista 32-bit).
Although this error is occured every time, my browsers are also told me the connections were encrypted.
I cannot see what kind of encryption is used by IE7.
Firefox 3 shows that it uses Camellia-256.
Even the connections are still safe, the error messages really washed my log file.
Would anyone like to help me to solve this problem?
More information about the Modules