View Issue Details

IDProjectCategoryView StatusLast Update
0000787Main CAcert Websitecertificate issuingpublic2012-12-27 17:21
Reporterdichter Assigned To 
Status newResolutionopen 
Summary0000787: SSL Handshake Error if no Client Cert is Installed
It seem to be the same issue as reported in

The problem presents if trying to follow links to the domain (instead of )
or by clicking at the "certificate login" link

If you have no Client Certificate installed, you get an
SSL-Handshake error. This is misleading.

Isn't there a way to check first if client cert is being present first?

Firefox 3.5.5:
Fehler: Gesicherte Verbindung fehlgeschlagen
Ein Fehler ist während einer Verbindung mit aufgetreten.
Die SSL-Gegenstelle konnte keinen akzeptablen Satz an Sicherheitsparametern aushandeln.

(Fehlercode: ssl_error_handshake_failure_alert)
TagsNo tags attached.
Reviewed by
Test Instructions


duplicate of 0000511 closedTed Handshake failure: Cannot reach the cert login page at 
related to 0000674 closedSourcerer Can't connect to it to 
related to 0001107 new CACert CATS Manual has only one page, which is mostly empty 


Daniel Black

2009-11-07 01:21

reporter   ~0001503

> Isn't there a way to check first if client cert is being present first?
There is a way to request the client certificate (Apache optional client certificate setting) and present a more helpful error message.

This however causes problems for Safari and potentially Chrome browsers that will ignore the server's certificate request to the browser and just display the error page and not give user's the option to provide a certificate.

There were some ugly hacks I did on Cats to get this to a better state however its far from idea. It could however be better than what we have now.

Since Mozilla devs seem unwilling provide a better error message[1], who knows what Apple will do, and its probably time we did a better solution.

Issue History

Date Modified Username Field Change
2009-11-06 15:30 dichter New Issue
2009-11-06 15:32 dichter Relationship added related to 0000674
2009-11-06 15:33 dichter Relationship added duplicate of 0000511
2009-11-07 01:21 Daniel Black Note Added: 0001503
2012-12-27 17:21 Werner Dworak Relationship added related to 0001107