Please fill out the fields below so we can help you. Note: you must provide your domain name to get help. The domain names of issued certificates are all made public in Certificate Transparency logs (for example, crt.sh | example.com). Therefore, not providing your domain name here does not help keep it secret, but makes it harder for us to help you.
I can read answers in English: Yes
My domain name is: chez.jcz.fr
My web server is (include version): WampServer / Apache 2.4.55
The operating system my web server runs on is (include version): Windows 10 Pro
Hello Let's Encrypt community,
To create my pfx, I used the "wacs.exe" tool.
I tested it by doing "openssl s_client -connect chez.jcz.fr:443 -tls1_3".
If I use the "PFX" client certificate (SSLVerifyClient Require in Apache) I have this result:
CONNECTED(000001A8)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = chez.jcz.fr
verify return:1
---
Certificate chain
0 s:CN = chez.jcz.fr
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 3072 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 00:03:01 2023 GMT; NotAfter: May 19 00:03:00 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
subject=CN = chez.jcz.fr
issuer=C = US, O = Let's Encrypt, CN = R3
---
Acceptable client certificate CA names
CN = chez.jcz.fr
C = US, O = Let's Encrypt, CN = R3
C = US, O = Internet Security Research Group, CN = ISRG Root X1
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5059 bytes and written 355 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 3072 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
28420000:error:0A00045C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required:ssl\record\rec_layer_s3.c:1600:SSL alert number 116
Press any key to continue...
If I don't use the "PFX" client certificate (SSLVerifyClient None in Apache) I get this result:
CONNECTED(000001B0)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = chez.jcz.fr
verify return:1
---
Certificate chain
0 s:CN = chez.jcz.fr
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 3072 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 18 00:03:01 2023 GMT; NotAfter: May 19 00:03:00 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
subject=CN = chez.jcz.fr
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4823 bytes and written 325 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 3072 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3AFDEA8AE8F89E73E3D675CC5F74E4923F44660F3BC2CF70112C5266FE3A35E4
Session-ID-ctx:
Resumption PSK: 629BDFC0064A934A02374E1BE3DC7B3ECC34AC8F5E0981506CCADE40A2DA647B990B29732CFC412B37BCB5D851763319
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 7c c2 7f 52 70 2f b0 59-65 2c 3a 8f 84 38 3c 2f |..Rp/.Ye,:..8</
0010 - b5 0f 10 b8 c7 e0 92 9b-5f 5b 03 bf 67 74 ed 06 ........_[..gt..
Start Time: 1676688013
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 1B697E0662C9FA24A061A8F2364396BE6541DD0A53EBE906C974B1F6D243CBC9
Session-ID-ctx:
Resumption PSK: AC346AB9ADE759539241423B09D8F98363E2A2BEAD405BE14B3D3B9BAE6559A800D455775C54E381EB9C18725BCB21BA
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - ca c2 d8 34 c0 2f de 65-97 37 ee 68 49 6d 8c c8 ...4./.e.7.hIm..
0010 - e6 1b d7 e1 76 9c 5c 79-3d a4 61 bf cb 9a 63 9b ....v.\y=.a...c.
Start Time: 1676688013
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
Press any key to continue...
What is the problem?
Without PFX (SSLVerifyClient None in Apache), I can enter my site "chez.jcz.fr".
What is the problem?
Cordially.
Artemus24.
@+