View Issue Details
|Main CAcert Website
|0000787: SSL Handshake Error if no Client Cert is Installed
It seem to be the same issue as reported in
The problem presents if trying to follow links to the https://secure.cacert.org/ domain (instead of https://www.cacert.org )
or by clicking at the "certificate login" link
If you have no Client Certificate installed, you get an
SSL-Handshake error. This is misleading.
Isn't there a way to check first if client cert is being present first?
Fehler: Gesicherte Verbindung fehlgeschlagen
Ein Fehler ist während einer Verbindung mit secure.cacert.org aufgetreten.
Die SSL-Gegenstelle konnte keinen akzeptablen Satz an Sicherheitsparametern aushandeln.
|No tags attached.
|Handshake failure: Cannot reach the cert login page at https://secure.cacert.org
|Can't connect to it to cats.cacert.org
|CACert CATS Manual has only one page, which is mostly empty
> Isn't there a way to check first if client cert is being present first?
There is a way to request the client certificate (Apache optional client certificate setting) and present a more helpful error message.
This however causes problems for Safari and potentially Chrome browsers that will ignore the server's certificate request to the browser and just display the error page and not give user's the option to provide a certificate.
There were some ugly hacks I did on Cats to get this to a better state however its far from idea. It could however be better than what we have now.
Since Mozilla devs seem unwilling provide a better error message, who knows what Apple will do, and its probably time we did a better solution.
|related to 0000674
|duplicate of 0000511
|Note Added: 0001503
|related to 0001107