Google Chrome中的ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED [英] ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED in Google Chrome
问题描述
我有一个使用SSL客户端证书授权的网站。
所有客户端证书均使用OpenSSL生成并且是自签名的。所有网页浏览器都可以使用,但推荐使用的是Google Chrome浏览器,因为它使用与IE相同的SSL仓库,因此安装证书非常容易(点击 - 密码完成!)。
在GoogleChrome 29.0.1547.57 m上次更新后,无人可以访问我的网络服务器,甚至是我。
仅限Google chrome错误! IE和FF工作正常。
错误是:ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED。
在服务器错误日志中相同。
您有什么建议吗?
问题是,大部分客户都不熟悉电脑,他们对这种情况非常害怕。因此,电话支持人员正处于呼叫浪潮之中。
我在Windows7客户端系统中遇到同样的问题,无法使用客户端证书对我们的一些系统进行身份验证,但不是其他人。受影响的服务器正在运行Apache Tomcat,而未受影响的服务器正在运行IIS7,尽管我很犹豫是否将这种差异确定为罪魁祸首。
其他人看到了吗?
编辑:
我可以通过禁用TLSv1 .2 在服务器上。是否有人能够复制这种体验?
我也有兴趣知道其他人是否在除Windows平台之外的其他任何平台上看到这一点,因为它是唯一的地方(相同的版本OSX没有问题)。
EDIT2:
Chrome Bug报告在这里: https://code.google.com/p/铬/问题/详细信息?id = 278370
EDIT3:
应该在最新的Chrome稳定版中再次运行。 Chrome 30将具有更强大的修复功能,但现在应该可以使用29.x。
I've got a web site that uses SSL Client certificate authorization. All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the recommended one was Google Chrome, because it uses same SSL warehouse as IE, so certificate installation was pretty easy (click-click-password-done!). After last update of Google "Chrome 29.0.1547.57 m" noone can access my web-server, even me. Google chrome error only! IE and FF working fine. Error is: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. Same in server error log. Do you have any suggestions? The problem is that most part of clients are non familiar with PC's and they got very frightened about that situation. So phone support guys are under the wave of calls.
I'm experiencing the same thing here with Windows7 client systems unable to authenticate with client certificates against some of our systems, but not others. The affected servers are running Apache Tomcat while the unaffected are running IIS7, though I'm hesitant to identify that difference as the culprit.
Anyone else seeing this?
EDIT:
I'm able to eliminate the problem by disabling TLSv1.2 on the server. Is anyone else able to replicate this experience?
I would also be interested to know whether anyone else is seeing this on anything but the Windows platform, as it's the only place it's happening here (same version OSX has no issues).
EDIT2:
Chrome Bug Report here: https://code.google.com/p/chromium/issues/detail?id=278370
EDIT3:
Should be working again in latest Chrome stable. Chrome 30 will have a more robust fix, but 29.x should also work now.
这篇关于Google Chrome中的ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
