info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: [error] Certificate Verification: Error (34): unhandled critical extension
1,497 views
Skip to first unread message
scott_t...@yahoo.com
Jun 7, 2010, 5:10:46 AM6/7/10
to
Bonjour All Users,
My setup has a ROOT CA and 3 level of Sub CA's. I have generated apache web server and client certificates from every the ROOT and Sub CA's.
I have configured my APACHE web server for client certificate (mutual) authentication. I have generated the apache web server certificate and client certificates from the ROOT CA with proper extensions. In case of Root CA, it works well. Mutual authentication works fine.
In case of Sub CA, the apache web server certifictae and client certificates are generated by SubCA with the same extensions/profile as in case of ROOT CA. But when i try to authenticate users from Sub CA's then following error occurs "unhandled critical extension". SSLCACertificateFile contains the concatenated certifcates of all the CA's( issuing CA certtificate is at top and Root ca certificate is at bottom of this file)
Here is my vhost file
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot /srv/www/htdocs/
ServerName XXXXXXXXXXXXXX
RewriteEngine On
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /srv/www/htdocs/
ServerName XXXXXXXXX
SSLEngine on
SSLCipherSuite HIGH
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/certificates/cert.pem
SSLCertificateKeyFile /etc/apache2/certificates/key.pem
SSLCACertificateFile /etc/apache2/certificates/chain.pem
#SSLCertificateChainFile /etc/apache2/certificates/chain.pem
//chain.pem contains all the upper level certificates concanetated such that (1st certificate is of issuing CA , going downward towards the root CA...
// i have also tried with the SSLCertificateChainFile directive but the error is same ...
<Directory "/srv/www/htdocs/">
SSLVerifyClient require
SSLRequireSSL
SSLRequire %{SSL_CLIENT_S_DN_CN} eq "XXXX"
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData
</Directory>
</VirtualHost>
I am using OpenSSL version 0.9.8h release 28 May 2008 and Apache version 2.2.10-2.5 that come by default with OpenSUSE 11.1 distribution...
This issue has already been reported in May 2006, Kindly guide me in this aspect.
Waiting for your kind Reply
Best Regards
Scott Thomas
Diarmuid Curtin-- Diarmuid Curtin wrote :
Hi,
I am running the following test:
openssl 0.9.8b
Mod_SSL 2.0.58
I am using mod_ssl for client authentication, however, when the client
presents the certificate, the following error appears
[error] Certificate Verification: Error (34): unhandled critical extension
in Apache log, and the SSL handshake fails.
When I use openssl -verify on the certificate, it seems happy.
Is there a way I can ask mod_ssl or openssl to ignore critical extensions?
I am aware that this is not good practice, however, I need to demo this
setup and there does not seem to be any other way forward.
i.e. is there a flag in openssl that can turn this checking off temporarily
& how can I do this?
Diarmuid
--
This message was sent on behalf of scott_t...@yahoo.com at openSubscriber.com
http://www.opensubscriber.com/message/openss...@openssl.org/4108750.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
Scott Thomas
Jun 11, 2010, 12:59:59 AM6/11/10
to
Bonjour Peter Sylvester,
>>Extensions are ignored in the root.
>>Without telling what critical extensions you have, it is difficult to help.
I had some extensions set to critical in my Sub CA certificates, i have re generated all the sub CA certificates and now it works fine. Thats rite that critical extension are only ignored in root, if Sub CA's contain some critical extensions apache mutual authentication fails. Thanks so much for the guidance ...
Best Regards
Scott Thomas
>>Extensions are ignored in the root.
>>Without telling what critical extensions you have, it is difficult to help.
I had some extensions set to critical in my Sub CA certificates, i have re generated all the sub CA certificates and now it works fine. Thats rite that critical extension are only ignored in root, if Sub CA's contain some critical extensions apache mutual authentication fails. Thanks so much for the guidance ...
Best Regards
Scott Thomas
Gaurav Joshi
Jul 16, 2021, 1:55:34 AM7/16/21
to
Yea 100% true but https://apkdyno.com can help to get free apks
Amy Crook
Oct 29, 2021, 2:57:34 AM10/29/21
to
The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
Engineering plugin
Sep 1, 2022, 3:16:48 PM9/1/22
to
mushahid Hussain
Sep 14, 2022, 12:30:48 PM9/14/22
to
Hi!
The same issue i found here, can you help me to solve this issue please? or any guide here?
My website is: https://kingdomvelleyislamabad.pk/
The same issue i found here, can you help me to solve this issue please? or any guide here?
My website is: https://kingdomvelleyislamabad.pk/
Rice Purity Test Now
Sep 19, 2022, 3:07:40 PM9/19/22
to
On Friday, July 16, 2021 at 10:55:34 AM UTC+5, Gaurav Joshi wrote:
> Yea 100% true but https://apkdyno.com can help to get free apks
To know all about the rice purity test to see how much innocent and pure you are. Visit our website or App for Innocence Test and see Test yourself now.
> Yea 100% true but https://apkdyno.com can help to get free apks
Visit Website: https://ricepuritytestnow.com/
Best Sublimation Printer
Sep 19, 2022, 3:09:42 PM9/19/22
to
On Friday, October 29, 2021 at 11:57:34 AM UTC+5, Amy Crook wrote:
> The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
We, Will Develop Your Sublimation Printing Business. Latest Reviews, Comparison & Information about sublimation printers.
> The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
Must Visit:
https://allsublimationprinter.com/
Usama Aslam
Sep 19, 2022, 3:11:57 PM9/19/22
to
On Friday, September 2, 2022 at 12:16:48 AM UTC+5, Engineering plugin wrote:
> Hey,
> I have also found this on a site https://thericepuritytest.org , anyone can help me out?
I also faced same error on my website must visit:
> Hey,
> I have also found this on a site https://thericepuritytest.org , anyone can help me out?
https://usamaaslam.info/how-to-stream-vr-games-on-discord/
mushahid Hussain
Nov 6, 2022, 1:16:54 PM11/6/22
to
Message has been deleted
Frank Downing
Dec 9, 2022, 2:19:18 PM12/9/22
to
Yea 100% true but https://www.lgcdecorators.co.uk/painters-decorators-west-london/ealing/ can help
Kenneth Graham
Dec 12, 2022, 2:44:51 PM12/12/22
to
I have also found this on a site https://www.screens-people.com/product/5d10k25568-fhd-lcd-display-screen-front-glass-for-lenovo-y700-15isk-non-touch/ , anyone can help me out?
Robert Rodriguez
Jan 8, 2023, 3:30:32 PM1/8/23
to
I have configured my APACHE web server https://wordle-unlimited.us/wordle-italiano/ for client certificate (mutual) authentication.
Muhammad Irfan
Jan 11, 2023, 11:41:31 AM1/11/23
to
On Monday, January 9, 2023 at 1:30:32 AM UTC+5, Robert Rodriguez wrote:
> I have configured my APACHE web server https://wordle-unlimited.us/wordle-italiano/ for client certificate (mutual) authentication.
Yes you're right. Keep sharing such a valuable stuff. https://www.ufabet168.info/
> I have configured my APACHE web server https://wordle-unlimited.us/wordle-italiano/ for client certificate (mutual) authentication.
Usman Qadir
Jan 14, 2023, 4:32:28 PM1/14/23
to
Usman Qadir
Jan 18, 2023, 5:43:02 AM1/18/23
to
If you're on a tight budget, opt for new bedding first, but don't skimp on thread count! Buy as well as you can afford to spend in this area — it makes a huge difference. If you have a little more money, paint the bedroom walls to complement your new bedding. Also see https://webuyhousesindenver.org/sell-my-house-fast-thornton-co/
Slot imbig
Jan 20, 2023, 10:29:18 PM1/20/23
to
สล็อตbetflik เกมสล็อต แทงบอลออนไลน์ แตกง่าย แตกหนัก แจกจริง เว็บตรงมาแรง แห่งปี 2023
https://sexypg89.com/%e0%b8%aa%e0%b8%a5%e0%b9%87%e0%b8%ad%e0%b8%95betflik/
Slot imbig
Jan 20, 2023, 10:30:54 PM1/20/23
to
SexyPG89 สล็อตbetflik เกมสล็อต แทงบอลออนไลน์ แตกง่าย แตกหนัก แจกจริง เว็บตรงมาแรง แห่งปี 2023
https://sexypg89.com/%e0%b8%aa%e0%b8%a5%e0%b9%87%e0%b8%ad%e0%b8%95betflik/
usman qadir
Feb 2, 2023, 7:02:58 AM2/2/23
to
There are plenty of 'affordable' finishing touches which can make your home look and feel more luxurious – some of which can actually be free!
Paint a feature wall. ...
Go big with wall art. ...
Redecorate / paint. ...
Use colour cleverly. ...
Declutter. ...
Decorate with candles and mirrors. ...
Add house plants and flowers.
https://www.nauradika.com/
Paint a feature wall. ...
Go big with wall art. ...
Redecorate / paint. ...
Use colour cleverly. ...
Declutter. ...
Decorate with candles and mirrors. ...
Add house plants and flowers.
https://www.nauradika.com/
Robert Rodriguez
Mar 30, 2023, 3:19:06 PM3/30/23
to
if you are planning to spend a lot of time exploring the Vatican’s many attractions. In this blog post, we will answer the question, “Can you take a backpack into the Vatican?”
https://visitingthevatican.com/
https://visitingthevatican.com/
AS freelancing
Apr 4, 2023, 12:15:20 PM4/4/23
to
AS freelancing
Apr 4, 2023, 12:20:07 PM4/4/23
to
hey ... this issue is also act on the site https://legalcpn.com/
if anyone can take action on this issue tell me to.
if anyone can take action on this issue tell me to.
Adnan
Apr 5, 2023, 2:45:57 PM4/5/23
to
hello! This issue is going to affect a lot of users but this site may help
<url>https://www.ahsaasprogram.pk/ehsaas-emergency-cash-program/</url>
<url>https://www.ahsaasprogram.pk/ehsaas-emergency-cash-program/</url>
Eshal Fatima
Apr 13, 2023, 3:56:27 PM4/13/23
to
On Wednesday, 5 April 2023 at 23:45:57 UTC+5, Adnan wrote:
Who is the cast of Goosebumps 3?
Cast (11)
Erica Fairfield. Trina O'Dell (as Erica Lancaster) Blair Slater. Daniel O'Dell.
Hayden Christensen. Zane. Martin Doyle. Mr. Dan O'Dell.
Belinda Metz. Mrs. O'Dell. Ray Kahnert. Cal.
Annick Obonsawin. Slappy. Cal Dodd. Slappy (voice)
Jordan Prentice. Rocky. Eugene Lipinski. Rocky (voice)
https://teamrockie.com/get-ready-for-goosebumps-3-release-date-cast-plot-and-preview/
Who is the cast of Goosebumps 3?
Cast (11)
Erica Fairfield. Trina O'Dell (as Erica Lancaster) Blair Slater. Daniel O'Dell.
Hayden Christensen. Zane. Martin Doyle. Mr. Dan O'Dell.
Belinda Metz. Mrs. O'Dell. Ray Kahnert. Cal.
Annick Obonsawin. Slappy. Cal Dodd. Slappy (voice)
Jordan Prentice. Rocky. Eugene Lipinski. Rocky (voice)
https://teamrockie.com/get-ready-for-goosebumps-3-release-date-cast-plot-and-preview/
Adnan Sohail Bhatti
Apr 15, 2023, 3:06:45 PM4/15/23
to
According to RFC, it is unacceptable to turn off important extension tests. "Critical extension" is a certificate extension that is used to compel specific processing of the certificate. If an
Implementation must stop processing the certificate if it does not comprehend a specific, important extension.https://ghdsportsapk.org
Implementation must stop processing the certificate if it does not comprehend a specific, important extension.https://ghdsportsapk.org
Imran Shoail
Apr 15, 2023, 5:18:48 PM4/15/23
to
On Sunday, April 16, 2023 at 12:06:45 AM UTC+5, Adnan Sohail Bhatti wrote:
> According to RFC, it is unacceptable to turn off important extension tests. "Critical extension" is a certificate extension that is used to compel specific processing of the certificate. If an
>
> Implementation must stop processing the certificate if it does not comprehend a specific, important extension.https://ghdsportsapk.org
The error message you're seeing is related to certificate verification, indicating that a critical extension in the certificate could not be handled. This could be caused by a few different things, including an invalid or corrupted certificate, a mismatch between the domain name and the certificate, or an issue with the certificate authority.
> According to RFC, it is unacceptable to turn off important extension tests. "Critical extension" is a certificate extension that is used to compel specific processing of the certificate. If an
>
> Implementation must stop processing the certificate if it does not comprehend a specific, important extension.https://ghdsportsapk.org
To troubleshoot this issue, you can try the following steps:
Check the validity of the certificate: Verify that the certificate is valid and has not expired. You can do this by checking the expiration date and ensuring that the certificate has been issued by a trusted certificate authority.
Verify the domain name: Ensure that the domain name on the certificate matches the domain name of the website or application you're trying to access. A mismatch between the domain name and the certificate can cause this error.
Check the certificate authority: If the certificate was issued by an untrusted or unknown certificate authority, your system may not be able to verify the certificate. Verify that the certificate authority is trusted by your system and that the certificate chain is complete.
Update your system: Make sure that your system is up-to-date with the latest security patches and updates. This can help ensure that your system can handle the certificate extension correctly.
If you're still experiencing issues after trying these steps, you may need to contact the website or application administrator for further assistance.
8171 https://ehsaas8171.com/nser-new-registration/
Imran Shoail
Apr 15, 2023, 5:19:14 PM4/15/23
to
Bisp 8171
Apr 15, 2023, 5:20:00 PM4/15/23
to
Dan L
Apr 15, 2023, 5:20:33 PM4/15/23
to
Jared W
Apr 15, 2023, 5:21:17 PM4/15/23
to
https://bisp8171.com/%d8%a7%d8%ad%d8%b3%d8%a7%d8%b3-%d9%be%d8%b1%d9%88%da%af%d8%b1%d8%a7%d9%85-8171/
احساس پروگرام 8171 ویب پورٹل Ehsaastracking pass gov pk 2023
احساس پروگرام 8171 ویب پورٹل Ehsaastracking pass gov pk 2023
Employees Portal
Apr 16, 2023, 4:50:06 AM4/16/23
to
Yes this error is a critical issue and everyone need to take some extra care to resolve this issue. it is unacceptable to ignore https://employeesportal.info/8171-ehsaas-program-check-online/.
Ehsaas Program
Apr 16, 2023, 5:19:22 AM4/16/23
to
To resolve this issue, you can take the following steps:
Check the Apache configuration file for errors and misconfigurations. Look for any SSL-related directives and make sure they are properly configured.
Verify that the SSL certificate is properly installed and not expired. Also, ensure that the SSL certificate chain is properly configured.
Check the firewall or proxy server settings to make sure the necessary ports and protocols are allowed through.
Enable logging in Apache to get more information about the problem. Look for error messages related to mutual authentication.
Consult the documentation and support resources for the specific Apache extensions you are using to see if there are any known issues or troubleshooting steps that can help.
By following these steps, you should be able to identify and resolve the problem of mutual authentication failures with Apache and its critical extensions.
https://ehsaasprogram.pk/8171-check-online/
Check the Apache configuration file for errors and misconfigurations. Look for any SSL-related directives and make sure they are properly configured.
Verify that the SSL certificate is properly installed and not expired. Also, ensure that the SSL certificate chain is properly configured.
Check the firewall or proxy server settings to make sure the necessary ports and protocols are allowed through.
Enable logging in Apache to get more information about the problem. Look for error messages related to mutual authentication.
Consult the documentation and support resources for the specific Apache extensions you are using to see if there are any known issues or troubleshooting steps that can help.
By following these steps, you should be able to identify and resolve the problem of mutual authentication failures with Apache and its critical extensions.
https://ehsaasprogram.pk/8171-check-online/
sunny bhatti
Apr 16, 2023, 4:10:59 PM4/16/23
to
Similar to other technological devices, smart TVs occasionally need to be reset from the factory. For the majority of users, resetting a device to its factory settings solves most problems.
Using the remote, a Samsung TV is simple to reset. What about resetting a television without a remote?
https://www.displaypick.com/how-to-reset-samsung-smart-tv-without-remote/
Using the remote, a Samsung TV is simple to reset. What about resetting a television without a remote?
https://www.displaypick.com/how-to-reset-samsung-smart-tv-without-remote/
Bisp 8171
Apr 17, 2023, 4:16:41 PM4/17/23
to
Thanks for I hope you need Some money get ready for registered
https://ehsaas8171.com/8171-registration-%d9%88%db%8c%d8%a8-%d9%be%d9%88%d8%b1%d9%b9%d9%84/
https://ehsaas8171.com/8171-registration-%d9%88%db%8c%d8%a8-%d9%be%d9%88%d8%b1%d9%b9%d9%84/
Jared W
Apr 17, 2023, 4:17:37 PM4/17/23
to
Muhammad Imran
Apr 17, 2023, 4:19:23 PM4/17/23
to
Iesco Online Bill 2023 | How To Iesco Bill Online Check
https://dreamyworldinfo.com/iesco-online-bill-2022-2023-how-to-iesco-bill-online-dreamyworldinfo/
https://dreamyworldinfo.com/iesco-online-bill-2022-2023-how-to-iesco-bill-online-dreamyworldinfo/
sunny bhatti
Apr 26, 2023, 3:10:54 PM4/26/23
to
Unmanned aerial vehicle (UAV) enthusiasts can learn how to succeed in the drone industry through Discovery of Tech, which offers drone news, reviews, lessons, and advice. https://discoveryoftech.com/
Shoukat Khan
Apr 30, 2023, 2:02:08 AM4/30/23
to
On Thursday, 27 April 2023 at 00:10:54 UTC+5, sunny bhatti wrote:
> Unmanned aerial vehicle (UAV) enthusiasts can learn how to succeed in the drone industry through Discovery of Tech, which offers drone news, reviews, lessons, and advice. https://discoveryoftech.com/
https://islamicdatetodays.com/
> Unmanned aerial vehicle (UAV) enthusiasts can learn how to succeed in the drone industry through Discovery of Tech, which offers drone news, reviews, lessons, and advice. https://discoveryoftech.com/
Islamic Date Today
Jared W
May 12, 2023, 10:26:22 AM5/12/23
to
Thanks for choosing i am very happy
Jared W
May 12, 2023, 10:26:54 AM5/12/23
to
https://ehsaas8171.com/ehsaas-rashan-registration/
This is very impressive article and i am satisfied
This is very impressive article and i am satisfied
Jared W
May 12, 2023, 10:27:21 AM5/12/23
to
Dan L
May 12, 2023, 10:28:27 AM5/12/23
to
Malik Sarfaraz
May 12, 2023, 10:30:42 AM5/12/23
to
Hussnain Sohail
May 14, 2023, 3:20:58 PM5/14/23
to
On Friday, 12 May 2023 at 7:30:42 pm UTC+5, Malik Sarfaraz wrote:
> https://bisp8171.com/
check out this for more help https://ehsaskafalatprogram.com/
> https://bisp8171.com/
check out this for more help https://ehsaskafalatprogram.com/
Malik Sarfaraz
May 16, 2023, 6:45:36 AM5/16/23
to
FX Rana
May 18, 2023, 1:15:58 AM5/18/23
to
Read honest review about OctaFX. we have publish all factors of octafx. https://findforexbroker.com/brokers/octafx-review/
FX Rana
May 18, 2023, 1:16:55 AM5/18/23
to
isra Jahangir
May 21, 2023, 8:27:51 PM5/21/23
to
On Thursday, May 18, 2023 at 10:16:55 AM UTC+5, FX Rana wrote:
> https://findforexbroker.com/
https://ehsaas8171program.com/
> https://findforexbroker.com/
https://ehsaas8171program.com/
isra Jahangir
May 21, 2023, 8:28:53 PM5/21/23
to
On Thursday, May 18, 2023 at 10:16:55 AM UTC+5, FX Rana wrote:
vist the best website
https://ehsaas8171program.com/
FX Rana
May 25, 2023, 5:12:25 AM5/25/23
to
Robert Rodriguez
May 31, 2023, 1:14:45 PM5/31/23
to
The peels combine powerful Alpha and Beta hydroxy acids https://velbehag.no/, with active ingredients such as retinol, ubiquinone, reservatrol, antioxidants, vitamins and soothing plant extracts.
bay Nzeer
Jun 3, 2023, 9:18:06 AM6/3/23
to
On Monday, 7 June 2010 at 17:10:46 UTC+8, scott_t...@yahoo.com wrote:
> Bonjour All Users,
> My setup has a ROOT CA and 3 level of Sub CA's. I have generated apache web server and client certificates from every the ROOT and Sub CA's.
> I have configured my APACHE web server for client certificate (mutual) authentication. I have generated the apache web server certificate and client certificates from the ROOT CA with proper extensions. In case of Root CA, it works well. Mutual authentication works fine.
> In case of Sub CA, the apache web server certifictae and client certificates are generated by SubCA with the same extensions/profile as in case of ROOT CA. But when i try to authenticate users from Sub CA's then following error occurs "unhandled critical extension". SSLCACertificateFile contains the concatenated certifcates of all the CA's( issuing CA certtificate is at top and Root ca certificate is at bottom of this file)
>
> Here is my vhost file
> NameVirtualHost *:80
> NameVirtualHost *:443
> <VirtualHost *:80>
> DocumentRoot /srv/www/htdocs/
> ServerName XXXXXXXXXXXXXX
> RewriteEngine On
> RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
> </VirtualHost>
> <VirtualHost *:443>
> DocumentRoot /srv/www/htdocs/
> ServerName XXXXXXXXX
> SSLEngine on
> SSLCipherSuite HIGH
> SSLProtocol all -SSLv2
> SSLCertificateFile /etc/apache2/certificates/cert.pem
> SSLCertificateKeyFile /etc/apache2/certificates/key.pem
> SSLCACertificateFile /etc/apache2/certificates/chain.pem
> #SSLCertificateChainFile /etc/apache2/certificates/chain.pem
> //chain.pem contains all the upper level certificates concanetated such that (1st certificate is of issuing CA , going downward towards the root CA...
> // i have also tried with the SSLCertificateChainFile directive but the error is same ...
> <Directory "/srv/www/htdocs/">
> SSLVerifyClient require
> SSLRequireSSL
> SSLRequire %{SSL_CLIENT_S_DN_CN} eq "XXXX"
> SSLVerifyDepth 3
> SSLOptions +StdEnvVars +ExportCertData
> </Directory>
> </VirtualHost>
> I am using OpenSSL version 0.9.8h release 28 May 2008 and Apache version 2.2.10-2.5 that come by default with OpenSUSE 11.1 distribution...
> This issue has already been reported in May 2006, Kindly guide me in this aspect.
> Waiting for your kind Reply
> Best Regards
> Scott Thomas
> Diarmuid Curtin-- Diarmuid Curtin wrote :
> Hi,
> I am running the following test:
> openssl 0.9.8b
> Mod_SSL 2.0.58
> I am using mod_ssl for client authentication, however, when the client
> presents the certificate, the following error appears
> [error] Certificate Verification: Error (34): unhandled critical extension
> in Apache log, and the SSL handshake fails.
> When I use openssl -verify on the certificate, it seems happy.
> Is there a way I can ask mod_ssl or openssl to ignore critical extensions?
> I am aware that this is not good practice, however, I need to demo this
> setup and there does not seem to be any other way forward.
> i.e. is there a flag in openssl that can turn this checking off temporarily
> & how can I do this?
> Diarmuid
>
> --
> This message was sent on behalf of scott_t...@yahoo.com at openSubscriber.com
> http://www.opensubscriber.com/message/openss...@openssl.org/4108750.html
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
Watch Online Video Episode Tere Ishq Mein Ghayal , Colors Tv New Drama Serial Tere Ishq Mein Ghayal Latest All Episodes Online , Tere Ishq Mein Ghayal Full Episode Online, Watch Tere Ishq Mein Ghayal online today episode.
https://tereishqmeinghayal.net
> Bonjour All Users,
> My setup has a ROOT CA and 3 level of Sub CA's. I have generated apache web server and client certificates from every the ROOT and Sub CA's.
> I have configured my APACHE web server for client certificate (mutual) authentication. I have generated the apache web server certificate and client certificates from the ROOT CA with proper extensions. In case of Root CA, it works well. Mutual authentication works fine.
> In case of Sub CA, the apache web server certifictae and client certificates are generated by SubCA with the same extensions/profile as in case of ROOT CA. But when i try to authenticate users from Sub CA's then following error occurs "unhandled critical extension". SSLCACertificateFile contains the concatenated certifcates of all the CA's( issuing CA certtificate is at top and Root ca certificate is at bottom of this file)
>
> Here is my vhost file
> NameVirtualHost *:80
> NameVirtualHost *:443
> <VirtualHost *:80>
> DocumentRoot /srv/www/htdocs/
> ServerName XXXXXXXXXXXXXX
> RewriteEngine On
> RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
> </VirtualHost>
> <VirtualHost *:443>
> DocumentRoot /srv/www/htdocs/
> ServerName XXXXXXXXX
> SSLEngine on
> SSLCipherSuite HIGH
> SSLProtocol all -SSLv2
> SSLCertificateFile /etc/apache2/certificates/cert.pem
> SSLCertificateKeyFile /etc/apache2/certificates/key.pem
> SSLCACertificateFile /etc/apache2/certificates/chain.pem
> #SSLCertificateChainFile /etc/apache2/certificates/chain.pem
> //chain.pem contains all the upper level certificates concanetated such that (1st certificate is of issuing CA , going downward towards the root CA...
> // i have also tried with the SSLCertificateChainFile directive but the error is same ...
> <Directory "/srv/www/htdocs/">
> SSLVerifyClient require
> SSLRequireSSL
> SSLRequire %{SSL_CLIENT_S_DN_CN} eq "XXXX"
> SSLVerifyDepth 3
> SSLOptions +StdEnvVars +ExportCertData
> </Directory>
> </VirtualHost>
> I am using OpenSSL version 0.9.8h release 28 May 2008 and Apache version 2.2.10-2.5 that come by default with OpenSUSE 11.1 distribution...
> This issue has already been reported in May 2006, Kindly guide me in this aspect.
> Waiting for your kind Reply
> Best Regards
> Scott Thomas
> Diarmuid Curtin-- Diarmuid Curtin wrote :
> Hi,
> I am running the following test:
> openssl 0.9.8b
> Mod_SSL 2.0.58
> I am using mod_ssl for client authentication, however, when the client
> presents the certificate, the following error appears
> [error] Certificate Verification: Error (34): unhandled critical extension
> in Apache log, and the SSL handshake fails.
> When I use openssl -verify on the certificate, it seems happy.
> Is there a way I can ask mod_ssl or openssl to ignore critical extensions?
> I am aware that this is not good practice, however, I need to demo this
> setup and there does not seem to be any other way forward.
> i.e. is there a flag in openssl that can turn this checking off temporarily
> & how can I do this?
> Diarmuid
>
> --
> This message was sent on behalf of scott_t...@yahoo.com at openSubscriber.com
> http://www.opensubscriber.com/message/openss...@openssl.org/4108750.html
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
Watch Online Video Episode Tere Ishq Mein Ghayal , Colors Tv New Drama Serial Tere Ishq Mein Ghayal Latest All Episodes Online , Tere Ishq Mein Ghayal Full Episode Online, Watch Tere Ishq Mein Ghayal online today episode.
https://tereishqmeinghayal.net
Zaman Khan
Jun 4, 2023, 3:34:11 AM6/4/23
to
subhan ali
Jun 7, 2023, 8:16:01 AM6/7/23
to
A tech zone is a particular region or domain that specialises in technology-related subjects, goods, services, or sectors. It might be a physical site, such a conference centre or expo where businesses display their most recent technical advancements. https://techzone-agency.com/
Moazzam SEO
Jun 15, 2023, 2:28:39 PM6/15/23
to
On Wednesday, June 7, 2023 at 5:16:01 PM UTC+5, subhan ali wrote:
> A tech zone is a particular region or domain that specialises in technology-related subjects, goods, services, or sectors. It might be a physical site, such a conference centre or expo where businesses display their most recent technical advancements. https://techzone-agency.com/
Discover the charm of Bangkok with our comprehensive MRT map, ensuring you don't miss any must-visit spots.
> A tech zone is a particular region or domain that specialises in technology-related subjects, goods, services, or sectors. It might be a physical site, such a conference centre or expo where businesses display their most recent technical advancements. https://techzone-agency.com/
https://washingtonmetromap.us/
Moazzam SEO
Jun 15, 2023, 2:29:31 PM6/15/23
to
Robert Rodriguez
Jun 18, 2023, 4:16:51 PM6/18/23
to
Genom att gå över till förnybar energi kan samhällen minska beroendet av fossila bränslen, mildra klimatförändringarna, främja hållbar utveckling och skapa en renare och mer hållbar framtid.
http://energinyheter.com/
http://energinyheter.com/
Waqas Khan
Jun 23, 2023, 10:09:10 AM6/23/23
to
Moazzam SEO
Jun 24, 2023, 2:15:34 PM6/24/23
to
Shoukat Khan
Jun 25, 2023, 10:11:19 AM6/25/23
to
asif khan
Jun 26, 2023, 6:07:26 AM6/26/23
to
asif khan
Jun 26, 2023, 6:08:03 AM6/26/23
to
On Sunday, 25 June 2023 at 07:11:19 UTC-7, Shoukat Khan wrote:
</a>
Rose J
Jun 26, 2023, 3:14:52 PM6/26/23
to
Gk Pakistan
Jun 29, 2023, 4:51:24 PM6/29/23
to
Gk Pakistan
Jun 29, 2023, 4:56:39 PM6/29/23
to
To resolve this issue, you can take the following steps:
Check the Apache configuration file for errors and misconfigurations. Look for any SSL-related directives and make sure they are properly configured.
Verify that the SSL certificate is properly installed and not expired. Also, ensure that the SSL certificate chain is properly configured.
Check the firewall or proxy server settings to make sure the necessary ports and protocols are allowed through.
Enable logging in Apache to get more information about the problem. Look for error messages related to mutual authentication.
Consult the documentation and support resources for the specific Apache extensions you are using to see if there are any known issues or troubleshooting steps that can help.
By following these steps, you should be able to identify and resolve the problem of mutual authentication failures with Apache and its critical extensions.
> https://8171program.com/
Check the Apache configuration file for errors and misconfigurations. Look for any SSL-related directives and make sure they are properly configured.
Verify that the SSL certificate is properly installed and not expired. Also, ensure that the SSL certificate chain is properly configured.
Check the firewall or proxy server settings to make sure the necessary ports and protocols are allowed through.
Enable logging in Apache to get more information about the problem. Look for error messages related to mutual authentication.
Consult the documentation and support resources for the specific Apache extensions you are using to see if there are any known issues or troubleshooting steps that can help.
By following these steps, you should be able to identify and resolve the problem of mutual authentication failures with Apache and its critical extensions.
> https://8171program.com/
World View
Jul 5, 2023, 4:40:18 AM7/5/23
to
Bonjour Scott Thomas,
It appears that you are encountering an "unhandled critical extension" error when trying to authenticate users with certificates generated by the Sub CAs. This issue has been reported in the past, but I'll do my best to guide you through it.
Firstly, I would recommend upgrading your OpenSSL and Apache versions if possible, as using older versions may have compatibility issues and lack important bug fixes. However, I understand that this might not be feasible depending on your specific circumstances.
To address the "unhandled critical extension" error, you can try the following steps:
Check the extensions/profiles used by the Sub CAs when generating the certificates. Ensure that they are the same as those used by the ROOT CA. Any critical extensions in the ROOT CA certificates must also be present and properly handled in the Sub CA certificates.
Confirm that the concatenation of the certificates in the SSLCACertificateFile is correct. The issuing CA certificate should be at the top, followed by its parent CA certificate, and so on until the root CA certificate is at the bottom. Verify that the order is correct and that no additional certificates or unnecessary whitespace is present.
In your Apache configuration, try using the SSLCertificateChainFile directive instead of SSLCACertificateFile. The SSLCertificateChainFile directive is used to specify the intermediate certificates (Sub CAs) that complete the chain between the server certificate and the root CA. Make sure the file provided contains all necessary intermediate certificates.
Example:
bash
Copy code
SSLCertificateChainFile /etc/apache2/certificates/chain.pem
Ensure that the SSLVerifyDepth directive is properly set to a value that accommodates the depth of your certificate chain. In your case, since you have a ROOT CA and 3 levels of Sub CAs, you may need to set it to at least 4.
Example:
Copy code
SSLVerifyDepth 4
Restart the Apache web server to apply the changes and test the mutual authentication with the Sub CA client certificates again.
If the above steps do not resolve the issue, there might be some specific configuration or compatibility problem related to your OpenSSL and Apache versions. In that case, you might need to consider upgrading to more recent versions or consulting the official documentation and support channels for OpenSSL and Apache.
I hope this helps you resolve the "unhandled critical extension" error. If you have any further questions or need additional assistance, please let me know.
Best regards,
http://8171webportal.com/
It appears that you are encountering an "unhandled critical extension" error when trying to authenticate users with certificates generated by the Sub CAs. This issue has been reported in the past, but I'll do my best to guide you through it.
Firstly, I would recommend upgrading your OpenSSL and Apache versions if possible, as using older versions may have compatibility issues and lack important bug fixes. However, I understand that this might not be feasible depending on your specific circumstances.
To address the "unhandled critical extension" error, you can try the following steps:
Check the extensions/profiles used by the Sub CAs when generating the certificates. Ensure that they are the same as those used by the ROOT CA. Any critical extensions in the ROOT CA certificates must also be present and properly handled in the Sub CA certificates.
Confirm that the concatenation of the certificates in the SSLCACertificateFile is correct. The issuing CA certificate should be at the top, followed by its parent CA certificate, and so on until the root CA certificate is at the bottom. Verify that the order is correct and that no additional certificates or unnecessary whitespace is present.
In your Apache configuration, try using the SSLCertificateChainFile directive instead of SSLCACertificateFile. The SSLCertificateChainFile directive is used to specify the intermediate certificates (Sub CAs) that complete the chain between the server certificate and the root CA. Make sure the file provided contains all necessary intermediate certificates.
Example:
bash
Copy code
SSLCertificateChainFile /etc/apache2/certificates/chain.pem
Ensure that the SSLVerifyDepth directive is properly set to a value that accommodates the depth of your certificate chain. In your case, since you have a ROOT CA and 3 levels of Sub CAs, you may need to set it to at least 4.
Example:
Copy code
SSLVerifyDepth 4
Restart the Apache web server to apply the changes and test the mutual authentication with the Sub CA client certificates again.
If the above steps do not resolve the issue, there might be some specific configuration or compatibility problem related to your OpenSSL and Apache versions. In that case, you might need to consider upgrading to more recent versions or consulting the official documentation and support channels for OpenSSL and Apache.
I hope this helps you resolve the "unhandled critical extension" error. If you have any further questions or need additional assistance, please let me know.
Best regards,
http://8171webportal.com/
asif khan
Jul 6, 2023, 11:50:52 PM7/6/23
to
FX Rana
Jul 12, 2023, 1:37:32 PM7/12/23
to
AS freelancing
Jul 12, 2023, 1:45:06 PM7/12/23
to
YUMZ Amanita Muscaria mushroom gummies are without a doubt the best option available right now. The strength of Amanita Muscaria mushrooms is combined with the practicality and taste of gummy form in their innovative composition.https://yumzlab.com/collections/mushroom-gummies-amanita-muscaria
Salma Zulfiqar (Pringer)
Jul 14, 2023, 2:07:36 PM7/14/23
to
On Tuesday, May 16, 2023 at 3:45:36 PM UTC+5, Malik Sarfaraz wrote:
> Its a Good work by Imran Khan for that poor people.
<a href="https://pakword.com/ehsas-rashan-portal/">https://pakword.com/ehsas-rashan-portal/</a>
> Its a Good work by Imran Khan for that poor people.
<a href="https://pakword.com/ehsas-rashan-portal/">https://pakword.com/ehsas-rashan-portal/</a>
haseeb iqbal
Jul 17, 2023, 7:27:44 AM7/17/23
to
On Friday, July 16, 2021 at 10:55:34 AM UTC+5, Gaurav Joshi wrote:
> Yea 100% true but https://apkdyno.com can help to get free apks
Similar to other technological devices, smart TVs occasionally need to be reset from the factory. For the majority of users, resetting a device to its factory settings solves most problems.
Using the remote, a Samsung TV is simple to reset. What about resetting a television without a remote?
still if u want to read more about this in detail you can follow this site for reference its a very helpful material.
https://ehsaasprograme.pk/
> Yea 100% true but https://apkdyno.com can help to get free apks
Similar to other technological devices, smart TVs occasionally need to be reset from the factory. For the majority of users, resetting a device to its factory settings solves most problems.
Using the remote, a Samsung TV is simple to reset. What about resetting a television without a remote?
still if u want to read more about this in detail you can follow this site for reference its a very helpful material.
https://ehsaasprograme.pk/
haseeb iqbal
Jul 17, 2023, 7:29:37 AM7/17/23
to
Imran Shoail
Jul 18, 2023, 10:50:36 AM7/18/23
to
Breaking Bad
Jul 19, 2023, 12:30:30 PM7/19/23
to
Drop Force
Jul 20, 2023, 3:56:59 AM7/20/23
to
On Wednesday, 19 July 2023 at 09:30:30 UTC-7, Breaking Bad wrote:
> about this topic you can read more on this link very helpfull
> https://y2mate.chat
https://bisp8171.com/8171-ehsaas-program-25000-bisp-new-update/
> about this topic you can read more on this link very helpfull
> https://y2mate.chat
Drop Force
Jul 21, 2023, 9:01:30 AM7/21/23
to
hania amir
Jul 22, 2023, 11:40:55 AM7/22/23
to
Great information, you can also check Pakistan programs like Ehsaas Program https://legit.pk/8171-ehsaas-program/.
Ehsaas Web
Jul 24, 2023, 11:26:00 AM7/24/23
to
Bonjour Scott Thomas and Diarmuid Curtin,
The error "unhandled critical extension" in the context of SSL certificate verification usually indicates that the web server is encountering a critical certificate extension that it doesn't know how to handle. This can happen when using certificates issued by a Subordinate CA (Sub CA) rather than the Root CA directly. The Apache web server, by default, is more tolerant with unknown critical extensions when using the Root CA certificate, but it becomes stricter when verifying certificates issued by Sub CAs.
To address this issue and allow mutual authentication to work with certificates issued by Sub CAs, you can try the following:
Update OpenSSL and Apache: First and foremost, it's essential to update your software to the latest versions available. Using outdated versions of OpenSSL and Apache might lead to various security vulnerabilities and compatibility issues.
Check Certificate Extensions: Ensure that the certificate extensions/profiles used by the Sub CA to issue the server and client certificates are appropriate and compatible with Apache. Make sure that the extensions are correctly set in both the Sub CA's issuing policy and the certificates themselves.
Intermediate CA Chain: Verify that the intermediate CA certificates are correctly configured in the SSLCACertificateFile or SSLCertificateChainFile directive of your Apache virtual host. The certificates should be in the correct order, with the Sub CAs' certificates leading up to the Root CA certificate.
SSLCertificateChainFile: In your Apache configuration, try using the SSLCertificateChainFile directive instead of SSLCACertificateFile for specifying the intermediate CA chain file. This directive is commonly used for providing the certificate chain to the clients.
Update OpenSSL Configuration: If the above steps don't resolve the issue, you can try updating the OpenSSL configuration to be more permissive with critical extensions. To do this, you can add the following line to your Apache configuration:
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
This should instruct Apache to ignore unknown critical extensions, but please note that this approach may reduce security, and it's recommended to use it only for testing and debugging purposes. https://ehsaasweb.com/ehsaas-program/
Remember, it's crucial to understand the security implications of ignoring critical extensions, and it's always better to fix the certificate configurations and update the software to be up-to-date with the latest security standards.
Lastly, I strongly advise considering upgrading your OpenSSL and Apache versions to newer and more secure releases to ensure your system's security and compatibility with modern SSL/TLS standards.
Best regards,
The error "unhandled critical extension" in the context of SSL certificate verification usually indicates that the web server is encountering a critical certificate extension that it doesn't know how to handle. This can happen when using certificates issued by a Subordinate CA (Sub CA) rather than the Root CA directly. The Apache web server, by default, is more tolerant with unknown critical extensions when using the Root CA certificate, but it becomes stricter when verifying certificates issued by Sub CAs.
To address this issue and allow mutual authentication to work with certificates issued by Sub CAs, you can try the following:
Update OpenSSL and Apache: First and foremost, it's essential to update your software to the latest versions available. Using outdated versions of OpenSSL and Apache might lead to various security vulnerabilities and compatibility issues.
Check Certificate Extensions: Ensure that the certificate extensions/profiles used by the Sub CA to issue the server and client certificates are appropriate and compatible with Apache. Make sure that the extensions are correctly set in both the Sub CA's issuing policy and the certificates themselves.
Intermediate CA Chain: Verify that the intermediate CA certificates are correctly configured in the SSLCACertificateFile or SSLCertificateChainFile directive of your Apache virtual host. The certificates should be in the correct order, with the Sub CAs' certificates leading up to the Root CA certificate.
SSLCertificateChainFile: In your Apache configuration, try using the SSLCertificateChainFile directive instead of SSLCACertificateFile for specifying the intermediate CA chain file. This directive is commonly used for providing the certificate chain to the clients.
Update OpenSSL Configuration: If the above steps don't resolve the issue, you can try updating the OpenSSL configuration to be more permissive with critical extensions. To do this, you can add the following line to your Apache configuration:
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
This should instruct Apache to ignore unknown critical extensions, but please note that this approach may reduce security, and it's recommended to use it only for testing and debugging purposes. https://ehsaasweb.com/ehsaas-program/
Remember, it's crucial to understand the security implications of ignoring critical extensions, and it's always better to fix the certificate configurations and update the software to be up-to-date with the latest security standards.
Lastly, I strongly advise considering upgrading your OpenSSL and Apache versions to newer and more secure releases to ensure your system's security and compatibility with modern SSL/TLS standards.
Best regards,
Message has been deleted
Message has been deleted
Message has been deleted
Ehsaas Programs
Jul 25, 2023, 10:20:21 PM7/25/23
to
<a href="https://ehsaas-programs.pk/bisp-tehsil-office/">bisp tehsil office</a>
<a href="https://ehsaas-programs.pk/tag/ehsaas-tracking-pass-gov-pk-786/">ehsaas tracking</a>
<a href="https://ehsaas-programs.pk/8171-preparation-point/">8171 preparation point</a>
<a href="https://ehsaas-programs.pk/ehsaas-rashan-punjab-program/">punjab ehsaas rashan riayat</a>
<a href="https://ehsaas-programs.pk/tag/%D8%A7%D8%AD%D8%B3%D8%A7%D8%B3-%D9%BE%D8%B1%D9%88%DA%AF%D8%B1%D8%A7%D9%85-%D9%81%D9%88%D9%86-%D9%86%D9%85%D8%A8%D8%B1/">احساس پروگرام فون نمبر</a>
<a href="https://ehsaas-programs.pk/%D8%A7%D8%AD%D8%B3%D8%A7%D8%B3-%D9%BE%D8%B1%D9%88%DA%AF%D8%B1%D8%A7%D9%85-8171-pakistan/">احساس پروگرام 8171 pakistan</a>
<a href="https://ehsaas-programs.pk/ehsaas-emergency-program/">ehsaas emergency program</a>
<a href="https://ehsaas-programs.pk/">8171 portal</a>
<a href="https://ehsaas-programs.pk/">ehsaas portal</a>
<a href="https://ehsaas-programs.pk/8171-pass-gov-pk/">8171.pass.gov.pak</a>
<a href="https://ehsaas-programs.pk/8171-%D8%A7%D8%AD%D8%B3%D8%A7%D8%B3-%D9%BE%D8%B1%D9%88%DA%AF%D8%B1%D8%A7%D9%85-%D8%B1%D8%AC%D8%B3%D9%B9%D8%B1%DB%8C%D8%B4%D9%86/">احساس پروگرام 8171 pakistan</a>
<a href="https://ehsaas-programs.pk/%D8%A7%D8%AD%D8%B3%D8%A7%D8%B3-%D8%B1%D8%A7%D8%B4%D9%86/">احساس راشن رعایت پروگرام</a>
mushahid Hussain
Jul 26, 2023, 1:59:49 PM7/26/23
to
mushahid Hussain
Jul 26, 2023, 2:00:57 PM7/26/23
to
On Thursday, February 2, 2023 at 5:02:58 PM UTC+5, usman qadir wrote:
> There are plenty of 'affordable' finishing touches which can make your home look and feel more luxurious – some of which can actually be free!
> Paint a feature wall. ... https://ctabustrackers.com/
> Go big with wall art. ...
> Redecorate / paint. ...
> Use colour cleverly. ...
> Declutter. ...
> Decorate with candles and mirrors. ...
> Add house plants and flowers. https://greyhoundbustracker.info/
> https://www.nauradika.com/
> There are plenty of 'affordable' finishing touches which can make your home look and feel more luxurious – some of which can actually be free!
> Paint a feature wall. ... https://ctabustrackers.com/
> Go big with wall art. ...
> Redecorate / paint. ...
> Use colour cleverly. ...
> Declutter. ...
> Decorate with candles and mirrors. ...
> Add house plants and flowers. https://greyhoundbustracker.info/
> https://www.nauradika.com/
AS freelancing
Jul 31, 2023, 5:27:35 AM7/31/23
to
German is a West Germanic language spoken by about 100 million people worldwide. It is the official language of Germany, Austria, and parts of Switzerland. It has four cases for nouns, pronouns, and adjectives (nominative, accusative, genitive, and dative), and it has three grammatical genders (masculine, feminine, and neutral). German vocabulary includes many loanwords from Latin, Greek, and other languages. for more https://konzessionsuche.at/
Pratham Sharma
Aug 2, 2023, 12:16:05 AM8/2/23
to
Free Wordle is a game where you try to guess a secret five-letter word within a limited number of attempts. In the traditional version of the game, you have six attempts to guess the word correctly.
https://freewordle.net/
Wordle Game is a popular online word puzzle game. The objective of the game is to guess a five-letter word within six attempts.
https://wordle-game.us/
https://freewordle.net/
Wordle Game is a popular online word puzzle game. The objective of the game is to guess a five-letter word within six attempts.
https://wordle-game.us/
Ehsaas Programs
Aug 6, 2023, 1:46:15 AM8/6/23
to
<a href="https://ehsaas-programs.pk/aiou-aaghi-lms-portal/">aaghi lms portal workshop schedule</a>
<a href="https://ehsaas-programs.pk/aiou-aaghi-lms-portal/">lms aaghi portal</a>
<a href="https://ehsaas-programs.pk/bisp-payment-tracking/">bisp tracking</a>
<a href="https://ehsaas-programs.pk/aiou-aaghi-lms-portal/">lms aiou</a>
<a href="https://ehsaas-programs.pk/aiou-aaghi-lms-portal/">lms portal aiou</a>
<a href="https://ehsaas-programs.pk/aiou-aaghi-lms-portal/">aiou lms portal</a>
<a href="https://ehsaas-programs.pk/aiou-aaghi-lms-portal/">aiou lms</a>
<a href="https://ehsaas-programs.pk/ehsaas-aghosh-program/">aghosh program</a>
<a href="https://ehsaas-programs.pk/punjab-rozgar-scheme/">punjab rozgar scheme online apply</a>
<a href="https://ehsaas-programs.pk/hec-ehsaas-scholarship/">hec ehsaas scholarship</a>
Kuyhaa Me
Aug 7, 2023, 4:07:36 AM8/7/23
to
Great post! Your deep knowledge and thorough research are really impressive. I love how you make complex ideas simple and give practical examples that help me understand the topic better.
<a href="https://activators4windows.com/2023/06/01/gb-whatsapp-apk-old-version-free-download-for-android/">gb whatsapp download old version</a>
<a href="https://activators4windows.com/2023/06/01/gb-whatsapp-apk-old-version-free-download-for-android/">gb whatsapp old version</a>
<a href="https://activators4windows.com/2023/04/20/kinemaster-hack-version-apk-download/">kinemaster hack version apk download</a>
<a href="https://activators4windows.com/2023/04/19/xzxzxzxz-photoshop-cc-2021-download/">xzxzxzxz photoshop cc 2021</a>
<a href="https://activators4windows.com/2022/06/09/office-2016-activator-txt/">bit ly office2016txt</a>
<a href="https://activators4windows.com/2023/04/09/soundpad-crack/">soundpad скачать</a>
<a href="https://activators4windows.com/2023/03/10/coreldraw-2022-crackeado/">corel draw crackeado</a>
You're great at showing different perspectives and making me think critically. Your writing style is engaging, and I stayed interested from start to finish.
<a href="https://kuyhaa-me.id/">kuyhaa me</a>
<a href="https://kuyhaa-me.id/">filmora kuyhaa</a>
<a href="https://kuyhaa-me.id/">ccleaner kuyhaa</a>
<a href="https://kuyhaa-me.id/">adobe illustrator kuyhaa</a>
<a href="https://kuyhaa-me.id/">corel draw x7 kuyhaa</a>
<a href="https://kuyhaa-me.id/">adobe premiere pro kuyhaa</a>
<a href="https://kuyhaa-me.id/">kmspico kuyhaa</a>
Thank you for sharing such valuable information—I've learned a lot. Can't wait to read more! Keep up the amazing work!
<a href="https://activators4windows.com/2023/06/01/gb-whatsapp-apk-old-version-free-download-for-android/">gb whatsapp download old version</a>
<a href="https://activators4windows.com/2023/06/01/gb-whatsapp-apk-old-version-free-download-for-android/">gb whatsapp old version</a>
<a href="https://activators4windows.com/2023/04/20/kinemaster-hack-version-apk-download/">kinemaster hack version apk download</a>
<a href="https://activators4windows.com/2023/04/19/xzxzxzxz-photoshop-cc-2021-download/">xzxzxzxz photoshop cc 2021</a>
<a href="https://activators4windows.com/2022/06/09/office-2016-activator-txt/">bit ly office2016txt</a>
<a href="https://activators4windows.com/2023/04/09/soundpad-crack/">soundpad скачать</a>
<a href="https://activators4windows.com/2023/03/10/coreldraw-2022-crackeado/">corel draw crackeado</a>
You're great at showing different perspectives and making me think critically. Your writing style is engaging, and I stayed interested from start to finish.
<a href="https://kuyhaa-me.id/">kuyhaa me</a>
<a href="https://kuyhaa-me.id/">filmora kuyhaa</a>
<a href="https://kuyhaa-me.id/">ccleaner kuyhaa</a>
<a href="https://kuyhaa-me.id/">adobe illustrator kuyhaa</a>
<a href="https://kuyhaa-me.id/">corel draw x7 kuyhaa</a>
<a href="https://kuyhaa-me.id/">adobe premiere pro kuyhaa</a>
<a href="https://kuyhaa-me.id/">kmspico kuyhaa</a>
Thank you for sharing such valuable information—I've learned a lot. Can't wait to read more! Keep up the amazing work!
Message has been deleted
Top Trends
Aug 7, 2023, 7:12:36 AM8/7/23
to
Wow, I've been exploring the web for over three hours now, and among all the articles I've come across, yours stands out as an absolute gem! Your captivating content has truly captured my attention. In my humble opinion, if every web owner and blogger could create such mesmerizing pieces, the internet would become an incredibly powerful and enriching place like never before!
<a href="https://toptrendpk.com/ehsaas-program-8171-check-online-2023/">8171 Ehsaas Program</a>
<a href="https://toptrendpk.com/ehsaas-program-25000-cnic-check-online/">Ehsaas program 25000</a>
<a href="https://toptrendpk.com/ehsaas-program-cnic-check-online/">Ehsaas Program cnic Check Online</a>
<a href="https://pakstudentportal.com/">\Pak Student Portal</a>
<a href="https://toptrendpk.com">Top Trend Pk</a>
<a href="https://toptrendpk.com/ehsaas-program-8171-check-online/">8171 Check Online</a>
Top Trends
Aug 8, 2023, 2:18:45 AM8/8/23
to
On Friday, October 29, 2021 at 11:57:34 AM UTC+5, Amy Crook wrote:
> The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
https://toptrendpk.com/8171-check-online/
> The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
https://toptrendpk.com/8171-check-online/
Top Trends
Aug 8, 2023, 2:19:31 AM8/8/23
to
On Tuesday, September 20, 2022 at 12:09:42 AM UTC+5, Best Sublimation Printer wrote:
> On Friday, October 29, 2021 at 11:57:34 AM UTC+5, Amy Crook wrote:
> > The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
> We, Will Develop Your Sublimation Printing Business. Latest Reviews, Comparison & Information about sublimation printers.
> On Friday, October 29, 2021 at 11:57:34 AM UTC+5, Amy Crook wrote:
> > The Rice Purity Test is a 100-question survey that originated in Rice University. It is a self-graded survey that assesses the participants’ supposed degree of innocence in worldly matters (secx, drugs, deceit, and other activities assumed to be vices), generally on a percentage scale with 0% being the least pure and 100% being the purest. It used to be voluntarily tested by new students for bonding with other similar students. However, the Rice Purity Test is normally for fun nowadays. https://www.ricepuritytests.net/
>
> Must Visit:
> https://allsublimationprinter.com/
https://toptrendpk.com/8171-check-online/
Employees Portal
Aug 11, 2023, 11:37:15 AM8/11/23
to
Extensions in certificates can provide additional information or functionality, and when they're marked as "critical," it means that entities processing the certificate must understand the extension to ensure the certificate's validity. If the entity doesn't understand a critical extension, it's required by the X.509 standard to reject the certificate.
To resolve this:
Review Certificate Extensions: If you have control over the certificate generation or its source, review the extensions in the certificate. Remove any non-essential critical extensions or replace them with non-critical ones if possible.
Update Software: Ensure that the software or library you are using for certificate processing is up-to-date. Newer versions might support more extensions.
Contact Certificate Authority (CA): If you received this certificate from a third-party CA, contact them for more information about the extensions used in the certificate.
Adjust Configuration: In some systems, there may be configurations to relax certificate checks. However, be very cautious with this as it may introduce security risks.
If you can provide more details about the environment or the software where this error is appearing, we may be able to offer more targeted assistance.
https://employeesportal.info/8171-ehsaas-program-25000-bisp/
To resolve this:
Review Certificate Extensions: If you have control over the certificate generation or its source, review the extensions in the certificate. Remove any non-essential critical extensions or replace them with non-critical ones if possible.
Update Software: Ensure that the software or library you are using for certificate processing is up-to-date. Newer versions might support more extensions.
Contact Certificate Authority (CA): If you received this certificate from a third-party CA, contact them for more information about the extensions used in the certificate.
Adjust Configuration: In some systems, there may be configurations to relax certificate checks. However, be very cautious with this as it may introduce security risks.
If you can provide more details about the environment or the software where this error is appearing, we may be able to offer more targeted assistance.
https://employeesportal.info/8171-ehsaas-program-25000-bisp/
Message has been deleted
arzan ali
Aug 13, 2023, 6:49:49 PM8/13/23
to
https://ehsasprogramme.com/ehsaas-rashan-program/
Umair Ali
Aug 15, 2023, 4:42:14 AM8/15/23
to
Its Bhatti
Aug 17, 2023, 4:05:52 AM8/17/23
to
Ahmed Raza
Aug 21, 2023, 3:53:16 PM8/21/23
to
Balo Jett
Aug 25, 2023, 6:02:16 AM8/25/23
to
your problem easily solved if we join this website https://ehsaasprogram8171.info/
It is loading more messages.
0 new messages