Sourcefire with User Certificate

Collini, Tue, 27 Jan 2015 17:15:33 +0000
http://packetpros.com/?p=378
Copyright packetpros.com

I was doing a Sourcefire/Defense Center install and the customer wanted to add their wildcard certificate to the Defense Center Web Interface. No big deal, right? We installed the cert then turned it on. We logged out and when trying to log back in, we hit a wall. The client (us) could not establish an SSL connection. Depending on the browser, the error messages were different. Firefox and Chrome had better descriptions of the error-

Chrome-
“Unable to establish a secure connection with the server. The server may have encountered a problem and requires a client authentication certificate that you do not have.

Error Code: ERR_SSL_PROTOCOL_ERROR.”

Firefox-
Secure Connection Failed

An error occurred during a connection to web.mit.edu
SSL peer was unable to negotiate an acceptable set of security parameters
(Error code: ssl_error_handshake_failure_alert)

 

In scouring the web I found all kinds of ‘fixes’: disable A/V, check your time, reinstall the browser, delete certs, delete host file, etc. Chrome really provided the clue, “client authentication certificate”. I SSH’d into Defense Center and took a look at the SSL certs and they looked OK. Then I looked at the SSL config file and it too looked just fine. Next I looked at the Apache directory and looked at ssl_certificates.conf.

root@sourcefire:/etc/httpd# cat ssl_certificates.conf 

SSLCertificateFile /etc/ssl/1422301182.server-cert.pem
SSLCertificateKeyFile /etc/ssl/1422301182.server-key.pem

SSLVerifyClient require

I commented out SSLVerifyClient require and bingo! I can now access Defense Center with the wildcard cert! Hope it saves you some time.
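As an added example (not part of the original post and not Sourcefire's own tooling), this shell function reads an Apache config file and reports the SSLVerifyClient mode it sets, which is the setting behind the handshake failure described above. The function names are hypothetical, and the sample config is constructed from the lines shown in the post.

```shell
#!/bin/sh
# Added example: report the client-certificate mode an Apache config asks for.

# Print the effective SSLVerifyClient value in file $1.
# Simplification (assumption): the file is treated as one flat context, so the
# last uncommented directive wins; Apache's default when absent is "none".
ssl_client_auth_mode() {
    awk '
        $1 ~ /^#/ { next }                              # commented out: ignored
        tolower($1) == "sslverifyclient" { mode = tolower($2) }
        END { print (mode == "" ? "none" : mode) }
    ' "$1"
}

# Translate the mode into what a browser without a client cert will see.
describe_mode() {
    case "$1" in
        require)  echo "handshake fails unless the browser presents a client certificate" ;;
        optional|optional_no_ca) echo "client certificate requested but not mandatory" ;;
        none)     echo "no client certificate requested" ;;
        *)        echo "unrecognised value: $1" ;;
    esac
}

# Constructed sample input: the file from the post, before and after the edit.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.conf" <<'EOF'
SSLCertificateFile /etc/ssl/1422301182.server-cert.pem
SSLCertificateKeyFile /etc/ssl/1422301182.server-key.pem

SSLVerifyClient require
EOF
sed 's/^SSLVerifyClient/#&/' "$demo_dir/before.conf" > "$demo_dir/after.conf"

for f in before after; do
    m=$(ssl_client_auth_mode "$demo_dir/$f.conf")
    echo "$f.conf: SSLVerifyClient $m ($(describe_mode "$m"))"
done
rm -rf "$demo_dir"
```

With the directive commented out, Apache falls back to its default of none, so the web interface no longer asks for a client certificate at all. Running the check against the real file after any certificate change shows which mode is in effect before you log out.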
