We Keep Coding

TLS: "wrong curve" error during client authentication

I have an Apache server that was recently upgraded from Debian 9 to Debian 10:
Apache : 2.4.25-3+deb9u13 => 2.4.52
Openssl: 1.1.0l-1~deb9u5 => 1.1.1n-0+deb10u1
Since this upgrade, connections from clients where client is authenticated (SSLVerifyClient require in Apache configuration) fails. Error in Apache debug logs is:
[Tue Apr 19 17:41:57.686913 2022] [ssl:error] [pid 19335] SSL Library Error: error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve
TLS_v1.2 was forced on server (Apache configuration: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2 -TLSv1.3).
I made a wireshark capture and I am able to decode it. When authentication works (with Debian 9 version), messages exchanged are the following:
messagesExchange
When error occurs, The last "Finished" message sent by server is replaced by a TLS Alert (Level Fatal, Description: Illegal parameter).
This happens just after the client certificate is received by server, my conclusion is that the client certificate is not accepted by server.
Client certificate was generated by our PKI from a private key and a certificate signing request created on client using these commands:
openssl ecparam -genkey -name secp256k1 -noout -out ${PRIVATE_KEY}
openssl req -new -sha256 -key ${PRIVATE_KEY} -out ${CSR} -subj "/C=FR/O=XXX/OU=YYY/CN=ZZZ"
So curve used for this client certificate is secp256k1. This curve is not supported by TLS_v1.3.
If I create a private key using prime256v1 curve instead if using secp256k1, recreate CSR and certificate using the same PKI, I am able to connect to server without errors. Commands become:
openssl ecparam -genkey -name prime256v1 -noout -out /user/private_prime256v1.key
openssl req -new -sha256 -key /user/private_prime256v1.key -out /user/prime256v1.csr -subj "/C=FR/O=XXX/OU=YYY/CN=ZZZ"
So I assume my problem is linked to usage of secp256k1 curve in client certificates (and this new versions of Apache and Openssl).
I have tons of clients with certificates created from a private key using secp256k1 curve, so changing client certificates is not an option. I am looking for an Apache / mod_ssl / openssl configuration to accept client certificates using secp256k1 certificates even on this new version. I tried:
SSLOpenSSLConfCmd Groups "secp256k1:secp384r1:secp521r1:prime256v1:sect283k1:sect283r1:sect409k1:sect409r1:sect571k1:sect571r1"
without success.
There are many other parameters I can modify using SSLOpenSSLConfCmd but I didn't find any other configurations precisely linked to client authentication or to curves used in certificates.

Client authentication using self signed ssl certificate for nginx

I am hosting a nginx webserver in my LAN and I want to authenticate client who are accessing my server with ssl client certificate.I generated a self signed SSL certificate and one client certificate following some documents on google. But I am unable to authenticate client who has certificate. I am getting the following errors
When requested from Firefox:
2017/08/10 18:30:13 [info] 8994#0: *4 client sent no required SSL certificate while reading client request headers, client: 192.168.16.27, server: 192.168.26.43, request: "GET /hls1/master.m3u8 HTTP/1.1", host: "192.168.26.43"
When request using curl:
curl -v -s -k --key client.key --cert client.crt --cacert ca.crt https://192.168.26.43/hls2/master.m3u8
2017/08/10 18:30:33 [info] 8994#0: *5 client SSL certificate verify error: (18:self signed certificate) while reading client request headers, client: 192.168.16.27, server: 192.168.26.43, request: "GET /hls2/master.m3u8 HTTP/1.1", host: "192.168.26.43"
So,my question is can I use self-signed certificate to authenticate client?If so, can anyone provide the steps to achieve this?

I just stumbled over this and discovered a small pitfall which caused the same error you encountered:
error 18 at 0 depth lookup: self signed certificate
There are plenty of guides how to create a self signed client certificate, I used the following (adapted from here):
# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Convert to .p12 so import in OSX works
openssl pkcs12 -export -clcerts -inkey client.key -in client.crt -out client.p12 -name "MyKey"
However, if you use the same Organization Name (eg, company) for both your ca and your client certificate, you will see above error! (edited: important)
If openssl verify -verbose -CAfile ca.crt client.crt does not complain about a self-signed certificate, you're good to go.

The server has to trust the client certificate. In the case of a self-signed certificate, that means the certificate has to be exported from the client's keystore and imported into the server's truststore.
When the server asks for the client certificate, it also sends a list of trusted signers, and the client is only allowed to send a certificate which is ultimately signed by one of those signers. As the server didn't know about the self-signed client certificate, it didn't include that as a trusted signer, so the client was unable to send its certificate. Hence client sent no required SSL certificate while reading client request headers.

SSL handshake failing with "sslv3 alert handshake failure:SSL alert number 40"

I have a .pfx file, which can perfectly connect to the remote server when used on a windows client. I want to now connect to server using a linux client.
Problem 1) I used following openssl commands to extract public cert and private key from the pfx file,
openssl pkcs12 -in Name.pfx -nocerts -out priv.pem -nodes
openssl pkcs12 -in Name.pfx -nokeys -out pub.pem
But when I ran following two commands to verify md5 of both files, I found both of them different.
openssl rsa -noout -text -in priv.pem | openssl md5
openssl x509 -noout -text -in pub.pem | openssl md5
Problem 2) I instead used following command to extract single pem file from pfx that has both cert and key.
openssl pkcs12 -in Name.pfx -out bundle.pem
Using this pem file I tried connecting to the remote server, with following command :
openssl s_client -servername 1.2.3.4 -connect 1.2.3.4:1234 -CAfile bundle.pem -state -tls1_2
This gives following output on terminal
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 O = "My Name", CN = Name - Local
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
140250807310240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140250807310240:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
Certificate chain
0 s:/O=My Name /CN=Name - Local
i:/O=My Name /CN=Name - Local
---
Server certificate
-----BEGIN CERTIFICATE-----
<random string of certificate>
-----END CERTIFICATE-----
subject=/O=My Name /CN=Name - Local
issuer=/O=My Name /CN=Name - Local
---
No client certificate CA names sent
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 1332 bytes and written 206 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: <some string>
Session-ID-ctx:
Master-Key: <some string>
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1495217834
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
I cant figure out why is handshake failing. Stuck for 3 days, where exactly does problem lie.

But when I ran following two commands to verify md5 of both files, I found both of them different.
openssl rsa -noout -text -in priv.pem | openssl md5
openssl x509 -noout -text -in pub.pem | openssl md5
The first command shows textual information about the private key. The second textual information about the certificate which contains the public key. Of course these information are different.
Using this pem file I tried connecting to the remote server, with following command :
openssl s_client -servername 1.2.3.4 -connect 1.2.3.4:1234 -CAfile bundle.pem -state -tls1_2
This uses the certificate as a trusted CA (-CAfile). This is probably not what you want. Instead you want to use the certificate as a client certificate. This should be done as documented by using the options -cert and -key, i.e. -cert bundle.pem -key bundle.pem in your case.
Apart from that -servername should be a hostname and not an IP address. If you don't have a hostname skip this option.
SSL_connect:SSLv3 read server certificate request A
...
SSL_connect:SSLv3 write client certificate A
...
SSL3 alert read:fatal:handshake failure
Since you don't specify the client certificate properly an empty client certificate will be send. But the server expects a valid client certificate and thus report a failed handshake within an SSL alert back to the client.

RIAK KV Error Unknown SSL protocol error in connection to

Hi I'm configuring RIAK KV to be used in SSL modus.
But when I try to do an https request I get an error that it's not able to connect with the server. IT say's something about setting up the protocol and using sha512 but can't find that in the openssl ciphers or in the rial-admin ciphers....
So hopefully somebody can help.
I have done the following steps.
#Generating certificate
## Generate Root CA and CSR
openssl genrsa -out rootCA.key 2048
openssl req -new -key rootCA.key -out rootCA.csr -subj "/C=PH/ST=PH/L=PH/O=Basho/OU=CliServ/CN=RootCA/emailAddress=dummy#dummy.com"
##Self Sign Root CA CSR and Generate a Certificate
openssl x509 -req -days 365 -in rootCA.csr -signkey rootCA.key -out rootCA-local.crt
## Generate a Key and CSR for Riak Node
openssl genrsa -out riaknode.key 2048
openssl req -new -key riaknode.key -out riaknode-local.csr -subj "/C=PH/ST=PH/L=PH/O=Basho/OU=CliServ/CN=riak/emailAddress=dummy#dummy.com"
## Sign the CSR with Root CA and Generate Certificate for Riak Node
openssl x509 -req -sha256 -days 365 -in riaknode.csr -CA rootCA-local.crt -CAkey rootCA.key -CAcreateserial -out riaknode-local.crt
mv rootCA-local.crt /etc/riak/
mv riaknode.key /etc/riak/
mv riaknode-local.crt /etc/riak/
#Configuration riak.Conf
listener.https.internal = 0.0.0.0:8098
Curl call
curl https://localhost:8098/ -k -v
* Hostname was NOT found in DNS cache
* Trying ::1...
* connect to ::1 port 8098 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8098 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* Unknown SSL protocol error in connection to localhost:8098
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to localhost:8098
Error Log riak
2016-12-13 17:08:46.086 [error] <0.2026.0> gen_fsm <0.2026.0> in state hello terminated with reason: no function clause matching public_key:sign({digest,<<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,170,105,117,179,149,137,160,38,...>>}, sha512, undefined) line 402
2016-12-13 17:08:46.086 [error] <0.2026.0> CRASH REPORT Process <0.2026.0> with 0 neighbours exited with reason: no function clause matching public_key:sign({digest,<<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,170,105,117,179,149,137,160,38,...>>}, sha512, undefined) line 402 in gen_fsm:terminate/7 line 622
2016-12-13 17:08:46.087 [error] <0.94.0> Supervisor ssl_connection_sup had child undefined started with {tls_connection,start_link,undefined} at <0.2026.0> exit with reason no function clause matching public_key:sign({digest,<<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,170,105,117,179,149,137,160,38,...>>}, sha512, undefined) line 402 in context child_terminated
2016-12-13 17:08:46.088 [error] <0.336.0> application: mochiweb, "Accept failed error", "{'EXIT',\n {{function_clause,\n [{public_key,sign,\n [{digest,\n <<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,\n 170,105,117,179,149,137,160,38,55,117,175,204,212,231,69,\n 131,51,123,20,141,186,237,133,174,61,99,146,95,35,21,134,\n 153,134,130,138,230,235,232,149,119,107,181,244,53,198,\n 162,193,202,208>>},\n sha512,undefined],\n [{file,\"public_key.erl\"},{line,402}]},\n {ssl_handshake,enc_server_key_exchange,6,\n [{file,\"ssl_handshake.erl\"},{line,660}]},\n {tls_connection,key_exchange,1,\n [{file,\"tls_connection.erl\"},{line,1626}]},\n {tls_connection,server_certify_and_key_exchange,1,\n [{file,\"tls_connection.erl\"},{line,1550}]},\n {tls_connection,new_server_hello,2,\n [{file,\"tls_connection.erl\"},{line,1467}]},\n {tls_connection,next_state,4,\n [{file,\"tls_connection.erl\"},{line,2558}]},\n {gen_fsm,handle_msg,7,[{file,\"gen_fsm.erl\"},{line,505}]},\n {proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,239}]}]},\n {gen_fsm,sync_send_all_state_event,\n [<0.2026.0>,{start,infinity},infinity]}}}"
2016-12-13 17:08:46.089 [error] <0.336.0> CRASH REPORT Process <0.336.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
2016-12-13 17:08:46.089 [error] <0.335.0> {mochiweb_socket_server,320,{acceptor_error,{error,accept_failed}}}

The third argument to public_key:sign/3 is the private key. That error message seems to be indicating it is undefined.
You need to configure, among others, ssl.keyfile. See
http://docs.basho.com/riak/kv/2.2.0/using/security/basics/#enabling-ssl
You may find useful information at How to create a pkcs12-certificate using sha512 for creating a certificate with sha512 enabled.

OpenSSL Client-side Certificate-based Authentication Fails

I am trying to run the following command:
[root#localhost certs]# openssl s_client -connect localhost:7043 -cert /opt/openssl-1.0.0a/ssl/certwork_client/client.crt -key /opt/openssl-1.0.0a/ssl/certwork_client/client.key -CAfile /opt/openssl-1.0.0a/ssl/certwork/ca.crt -showcerts -state -verify 2
verify depth is 2
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = Florida, L = Orlando, O = Company XYZ, OU = MyApp, CN = MyApp CA
verify return:1
depth=0 C = US, ST = Florida, L = Orlando, O = Company XYZ, OU = MyApp, CN = MyApp Manager Server
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:unknown CA
SSL_connect:failed in SSLv3 read finished A
15238796:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1193:SSL alert number 48
15238796:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
Certificate chain
0 s:/C=US/ST=Florida/L=Orlando/O=Company XYZ/OU=MyApp/CN=MyApp Manager Server
i:/C=US/ST=Florida/L=Orlando/O=Company XYZ/OU=MyApp/CN=MyApp CA
-----BEGIN CERTIFICATE-----
MIIFWDCCA0ACAQEwDQYJKoZIhvcNAQEFBQAwajELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB0Zsb3JpZGExEDAOBgNVBAcMB09ybGFuZG8xGDAWBgNVBAoMD0xvY2toZWVk
IE1hcnRpbjEMMAoGA1UECwwDTkNSMQ8wDQYDVQQDDAZOQ1IgQ0EwHhcNMTEwMzA4
MTc0MzQ3WhcNMjEwMzA1MTc0MzQ3WjB6MQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
RmxvcmlkYTEQMA4GA1UEBwwHT3JsYW5kbzEYMBYGA1UECgwPTG9ja2hlZWQgTWFy
dGluMQwwCgYDVQQLDANOQ1IxHzAdBgNVBAMMFk5DUiBTQU4gTWFuYWdlciBTZXJ2
ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYCut4DlfOcEXXyN1F
jNwyhEqLcdfQEDNWZDoQ/R3PfN3uTJGhYGuAgAIJZccYHF4BTTjZ5BA2u9ASYMJV
dUcCFU+mvCf3K6SzTG1/v46jBZz+C9OsQVZqc6UA/EmQKYzlDecvtukpQ6cquHBa
02JxBD3W2oZzdNWYZW6dn82YfzQGcySQhpFJMyyjf0baPV9wFKNqot7ZNiyusQTJ
g/GL8c29UJXHBYw15UMHm0dlDl2FREWEdNfbGbZCU+QTpyS059itkgmNQRKgNdBh
JpmRBJLp+iIk29JoKFJTyADR/QtIFnv/gl3P7FFvy1AZ+dGLQTHcf/MIFsbpf+s8
J7FtT+i/dCnLVDsz5e29jaSP32D0wAs66+I7ik4hOA0Eicaykwau19zkXpt1qScI
cb9ynjiGmoKzN+0ESm+S0Mr8+CgzTpfrNqDkJEgW8CQQqv8gzIYXgued+86omFvy
Qiq5ISeY13XrzbwX8NmFsByvAzWQ+emfkTF7A2HbGSpaeXWVUUqnT+BKeLk1uuGV
L8oWIGYJdjQiUGapjcU0uMxef8PKtJp3O40bqDSb5d7wONtwgEURr8583fo9415N
EMCkPiddgRet0TRATmNGgBpMpkOR5lf1WI4lgBRvHUFObbbwI7ByPyxifYtMwSFG
HVEz2MWol2cgQGWGG77nBaxPYQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQALpEtS
b2j1eKXPzdjqB9cN0TDc87j49+dPJiinQqHvCqLN3sPpXIXeh/mPGWL71s/4pQmS
rMZwe/0vmOI5tCvUCM84xtbCW07UvtiBcOpvFjdoW9KfCvPiPiIiPs0FNUcaYcdZ
y+bxgCHDLnk3FnNW4ECqHHIpio6bvKOJKEBB1DE0kBxzv4ayqHVeRTIBahVeIun2
5XftPiScRQE+b4//qozyU9v3gzbQ1UuEFvYgWAlmllneiRw2oLpazIOrLi3YJbie
wnPnbT1wM4b/JpVUSw41NAlVY5W2OujCcQWHNAWu3UW8GE0pLTFPj/DSAV+rkb0f
l1anvsmKly5oTcxEhi4lV6VhWabsJYag5uXZMViBoUK4hZRTXIgylVrvSZWpFTgO
vgeheOT2IJ1pXJRzuuB7/8pwvqliGDIeIccwvBzlIuY9mTehyX+uAfKKQwQ0IGDG
exPIVySi4HZi6rPNbO6Q17Tz6HYdlr1NMri82lLiOgjzNH8yPHXMSYjqtT3bG9a2
YWjYeNWjFtcyVOb60UXQRf+ghc2TDBii8pZ4u9dbsVoenzevFHc+k/8Ku6RAeMjo
+BqB7wzS39jAL+AmOa3XM0GI7h3Wrj0sZs2D32VejECzn6xat+NGKE+oZH0d2RKs
eVA5Vo+zKcEFskiWWBdPhG3Flqn8pfvMLpqoDA==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Florida/L=Orlando/O=Company XYZ/OU=MyApp/CN=MyApp Manager Server
issuer=/C=US/ST=Florida/L=Orlando/O=Company XYZ/OU=MyApp/CN=MyApp CA
---
Acceptable client certificate CA names
/C=US/ST=Florida/L=Orlando/O=Company XYZ/OU=MyApp/CN=MyApp Client CA
---
SSL handshake has read 1615 bytes and written 3975 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 10AB798BBA57D06F61D0E970EF8919619942EC2A22131260C3718CA23ED75FD1
Session-ID-ctx:
Master-Key: D9EC43146764BAEE7E32A591C5A933914B57DA2EC479A6419EE3E822B3022E80E093798D1E17947159B7080F8AA80C85
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1299706827
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
In the server, I have the following code:
certificateFile = /opt/openssl-1.0.0a/ssl/certwork/server.crt
privatKeyFile = /opt/openssl-1.0.0a/ssl/certwork/server.key
ctx = Ctx::client_server(certificateFile, privateKeyFile);
ctx->context()->verify_mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
ctx->context()->client_CA = SSL_load_client_CA_file("/opt/openssl-1.0.0a/ssl/certwork_client/ca.crt");
The context() calls methods in OpenSSL’s ssl.h.
I created the server CA (certificate authority) and server certificates with the following commands:
cd /opt/openssl-1.0.0a/ssl
mkdir certwork
chmod 600 certwork
cd certwork
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
I created the client CA and client certificates with the following commands:
cd /opt/openssl-1.0.0a/ssl
mkdir certwork_client
chmod 600 certwork_client
cd certwork_client
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
I can get server-side authentication to work via certificates, but when I add client-side authentication using certificates, I get tlsv1 alert unknown ca:s3_pkt.c:1193:SSL alert number 48 error.
I setup the client to use the server’s CA (/opt/openssl-1.0.0a/ssl/certwork/ca.crt) and I setup the server to use the client’s CA file (/opt/openssl-1.0.0a/ssl/certwork_client/ca.crt).
What am I missing?

It seems to me the server is rejecting the client certificate.
There are 3 different CA settings for TLS server:
The server chain provided to the client (SSL_CTX_add_extra_chain_cert)
The CAs you announce to support to the client (SSL_CTX_set_client_CA_list)
The CAs you actually use to verify (SSL_CTX_load_verify_locations)
You might be configuring your server with the wrong equivalent in your bindings.
Have you tested with openssl s_server ?

what do you mean "I can get server-side authentication to work" ? Normally the server-side authentication is the last one; first the client verify the identity of your server, and then it send its certificate to server.
If the client recognized your server, it mean your client have CA certificate that signed the certificate of your server, OR your server certificate.
If the server doesn't recognize your client, check your server's truststore (in JAVA), or your CACertificateFile in your apache2 configuration ...
Hope it helps

I had this problem before. It turned out that I hadn't created the correct certificate, key and signature. This quick start guide was all I needed to create them.