httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Huynh" <i...@hubspan.com>
Subject RE: [users@httpd] Client Certificate Setup problem with same VirtualHost but different URI resource name
Date Tue, 21 Oct 2003 13:48:43 GMT
I've tried various config. some seem to work but always with a little caveat.

- Things always seem to work on a GET

- Sometimes you get a 503 on a POST, if the SSLVerifyClient switches from a no-cert/optional
cert to require cert (the
  error in the log has to do with mod_ssl complaining about trying to renegotiate client auth
on a POST)

- Most browsers will behave funny (getting a popup dialog even though there are no certs present
on the client
  ) when using SSLVerifyClient optional.  IE has option to turn it off but that's not the
default IE behavior.


sample config:

<VirtualHost _default_:443>
   SSLVerifyClient optional
   SSLVerifyDepth  3

{.. other config info deleted for clarity
..}
 
   <Location /abc>
	SSLVerifyClient none
   </Location>

   <Location /def>
	SSLVerifyClient require
   </Location>


</VirtualHost>

> -----Original Message-----
> From: Leif W [mailto:warp-9.9@usa.net]
> Sent: Tuesday, October 21, 2003 6:22 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Client Certificate Setup problem with same
> VirtualHost but different URI resource name
> 
> 
> Hi,
> 
> First I don't really know the answer but since there was no 
> reply I figured
> I'd give it a shot.  I just spent a few seconds skimming
> http://httpd.apache.org/docs-2.0/ and found two directives 
> which may apply.
> What I did was go right to the mod_ssl stuff, and look only 
> for directives
> which had a directory context.
> 
> SSLVerifyClient (
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifyclient )
> SSLVerifyDepth (
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifydepth )
> 
> Hope that helps,
> 
> Leif
> 
> ----- Original Message ----- 
> From: "Ian Huynh" <ianh@hubspan.com>
> To: <users@httpd.apache.org>
> Sent: Friday, October 17, 2003 12:42 PM
> Subject: [users@httpd] Client Certificate Setup problem with same
> VirtualHost but different URI resource name
> 
> 
> Apache 2.0.47 on win2k
> 
> How do i setup this scenario
> 
> Background: Apache WEB Server with 1 NIC card & 1 IP address 
> bound to it.
> I have 2 URLs (see below) and one requires a client cert the 
> other does not.
> Both URLs are in the same Virtual Host called 'myserver.com' but has
> different
> URI resource name.  'abc' does not require client cert but 'def' does.
> 
> 
> 1.   https://myserver.com/abc/   - this does not require cert
> 
> 2.   https://myserver.com/def/   - this MUST have client cert
> 
> 
> 
> Thanks
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message