httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Huynh" <i...@hubspan.com>
Subject RE: [users@httpd] Client Certificate Setup problem with same VirtualHost but different URI resource name
Date Tue, 21 Oct 2003 14:48:20 GMT
i used apache.exe -t instead for windowz.

came back with Syntax OK.

> -----Original Message-----
> From: Leif W [mailto:warp-9.9@usa.net]
> Sent: Tuesday, October 21, 2003 7:36 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Client Certificate Setup problem with same
> VirtualHost but different URI resource name
> 
> 
> apachectl configtest or httpd -t
> 
> ----- Original Message ----- 
> From: "Ian Huynh" <ianh@hubspan.com>
> To: <users@httpd.apache.org>
> Sent: Tuesday, October 21, 2003 10:27 AM
> Subject: RE: [users@httpd] Client Certificate Setup problem with same
> VirtualHost but different URI resource name
> 
> 
> Interesting. You are right. I am not sure if the docs is in 
> error or it's
> something in the code.
> I am not getting any error when apache starts. Is there a 
> configtest utility
> in 2.x?
> 
> 
> 
> > -----Original Message-----
> > From: Leif W [mailto:warp-9.9@usa.net]
> > Sent: Tuesday, October 21, 2003 6:59 AM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Client Certificate Setup problem 
> with same
> > VirtualHost but different URI resource name
> >
> >
> > Regarding this portion:
> >
> >    <Location /abc>
> > SSLVerifyClient none
> >    </Location>
> >
> >    <Location /def>
> > SSLVerifyClient require
> >    </Location>
> >
> > The docs state the context to be Directory, not Location.
> > I'm surprised a
> > configtest didn't complain?  Or are the docs in error?  
> Beyond this, I
> > really don't know.  ;-)
> >
> > Leif
> >
> > ----- Original Message ----- 
> > From: "Ian Huynh" <ianh@hubspan.com>
> > To: <users@httpd.apache.org>
> > Sent: Tuesday, October 21, 2003 9:48 AM
> > Subject: RE: [users@httpd] Client Certificate Setup problem 
> with same
> > VirtualHost but different URI resource name
> >
> >
> > I've tried various config. some seem to work but always 
> with a little
> > caveat.
> >
> > - Things always seem to work on a GET
> >
> > - Sometimes you get a 503 on a POST, if the SSLVerifyClient
> > switches from a
> > no-cert/optional cert to require cert (the
> >   error in the log has to do with mod_ssl complaining about 
> trying to
> > renegotiate client auth on a POST)
> >
> > - Most browsers will behave funny (getting a popup dialog
> > even though there
> > are no certs present on the client
> >   ) when using SSLVerifyClient optional.  IE has option to
> > turn it off but
> > that's not the default IE behavior.
> >
> >
> > sample config:
> >
> > <VirtualHost _default_:443>
> >    SSLVerifyClient optional
> >    SSLVerifyDepth  3
> >
> > {.. other config info deleted for clarity
> > ..}
> >
> >    <Location /abc>
> > SSLVerifyClient none
> >    </Location>
> >
> >    <Location /def>
> > SSLVerifyClient require
> >    </Location>
> >
> >
> > </VirtualHost>
> >
> > > -----Original Message-----
> > > From: Leif W [mailto:warp-9.9@usa.net]
> > > Sent: Tuesday, October 21, 2003 6:22 AM
> > > To: users@httpd.apache.org
> > > Subject: Re: [users@httpd] Client Certificate Setup problem
> > with same
> > > VirtualHost but different URI resource name
> > >
> > >
> > > Hi,
> > >
> > > First I don't really know the answer but since there was no
> > > reply I figured
> > > I'd give it a shot.  I just spent a few seconds skimming
> > > http://httpd.apache.org/docs-2.0/ and found two directives
> > > which may apply.
> > > What I did was go right to the mod_ssl stuff, and look only
> > > for directives
> > > which had a directory context.
> > >
> > > SSLVerifyClient (
> > > 
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifyclient )
> > > SSLVerifyDepth (
> > > http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifydepth )
> > >
> > > Hope that helps,
> > >
> > > Leif
> > >
> > > ----- Original Message ----- 
> > > From: "Ian Huynh" <ianh@hubspan.com>
> > > To: <users@httpd.apache.org>
> > > Sent: Friday, October 17, 2003 12:42 PM
> > > Subject: [users@httpd] Client Certificate Setup problem with same
> > > VirtualHost but different URI resource name
> > >
> > >
> > > Apache 2.0.47 on win2k
> > >
> > > How do i setup this scenario
> > >
> > > Background: Apache WEB Server with 1 NIC card & 1 IP address
> > > bound to it.
> > > I have 2 URLs (see below) and one requires a client cert the
> > > other does not.
> > > Both URLs are in the same Virtual Host called 
> 'myserver.com' but has
> > > different
> > > URI resource name.  'abc' does not require client cert but
> > 'def' does.
> > >
> > >
> > > 1.   https://myserver.com/abc/   - this does not require cert
> > >
> > > 2.   https://myserver.com/def/   - this MUST have client cert
> > >
> > >
> > >
> > > Thanks
> > >
> > >
> > 
> ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP
> > > Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> > >
> > >
> > 
> ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP
> > > Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> >
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message