Sourcefire with User Certificate

I was doing a Sourcefire/Defense Center install and the customer wanted to add their wildcard certificate to the Defense Center Web Interface. No big deal right? We installed the cert then turned it on. We logged out and when trying to log back in, we hit a wall. The client (us) could not establish an SSL connection. Depending on the browser the error messages we’re different. Firefox and Chrome had better descriptions of the error-

“Unable to establish a secure connection with the server. The server may have encountered a problem and requires a client authentication certificate that you do not have.


Secure Connection Failed

An error occurred during a connection to
SSL peer was unable to negotiate an acceptable set of security parameters
(Error code: ssl_error_handshake_failure_alert)


In scouring the web I found all kinds of ‘fixes’; disable A/V, check your time, reinstall the browser, delete certs, delete host file, etc. Chrome really provided the clue, “client authentication certificate”. I SSH’d into Defense Center and took a look at the SSL certs and they looked OK. Then I looked at the SSL config file and it too looked just fine. Next I looked at Apache directory and looked at ssl_certificates.conf.

root@sourcefire:/etc/httpd# cat ssl_certificates.conf 

SSLCertificateFile /etc/ssl/1422301182.server-cert.pem
SSLCertificateKeyFile /etc/ssl/1422301182.server-key.pem

SSLVerifyClient require

I commented out SSLVerifyClient require and bingo! I can now access Defense Center with the wildcard cert! Hope it saves you some time.