httpd-users mailing list archives

From: Joe Orton
Subject: Re: [users@httpd] Expired certificates : how to display a contextual message
Date: Wed, 07 Apr 2004 09:37:49 GMT
On Tue, Apr 06, 2004 at 05:26:15PM +0200, wrote:
> When I try to connect to mod_ssl with an expired client certificate it
> brings back a 'Page Cannot be Displayed' error message. This is for
> IE.
> Mozilla brings back a contextual pop-up : "could not establish a encrypted connection
> .... because your certificate is expired."
> Does anyone know how I can get it to return a 'Your certificate has
> expired' error message that explains a bit more to the client what
> exactly happened? Can the server do that or is it only dependent on
> the client?

You can do clever things by using "SSLVerifyClient optional", and then
checking whether the client was verified using mod_rewrite, e.g.:

(you'd need to use %{LA-U:SSL_...} trick to get this to work with 2.0)

That gives you a generic "client not verified" error page...

I wrote a patch a while back which adds an SSL_CLIENT_V_REMAIN variable,
which lets you do more sophisticated things like this:


The official User-To-User support forum of the Apache HTTP Server Project.
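An added example, not code from the original message: one way to write the two checks the reply describes, assuming Apache 2.4, where mod_rewrite reads mod_ssl variables as `%{SSL:...}` and mod_ssl documents `SSL_CLIENT_VERIFY` and `SSL_CLIENT_V_REMAIN`. The hostname, file paths, error-page URLs and the 14-day threshold are constructed for illustration.

```apache
# Added example; all names, paths and thresholds below are assumptions.
<VirtualHost *:443>
    ServerName secure.example.com
    DocumentRoot "/var/www/secure"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"
    # CA(s) allowed to issue client certificates
    SSLCACertificateFile  "/etc/ssl/example/client-ca.crt"

    # Request a client certificate, but let the handshake complete
    # when the client sends none, so the server can answer with a page.
    SSLVerifyClient optional
    SSLVerifyDepth  2

    RewriteEngine on

    # 1. Generic "client not verified" page.
    #    SSL_CLIENT_VERIFY is one of NONE, SUCCESS, GENEROUS or FAILED:reason.
    #    The /errors/ exclusion keeps the error page itself reachable.
    RewriteCond %{REQUEST_URI} !^/errors/
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
    RewriteRule ^ /errors/client-not-verified.html [L]

    # 2. Verified client whose certificate expires soon: show a renewal
    #    notice on the landing page only. SSL_CLIENT_V_REMAIN is the number
    #    of days until the client certificate expires; -lt compares integers.
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} =SUCCESS
    RewriteCond %{SSL:SSL_CLIENT_V_REMAIN} -lt 14
    RewriteRule ^/$ /errors/certificate-expiring.html [L]
</VirtualHost>
```

Rule 1 only controls which page is served; any location that must stay restricted to verified clients still needs its own access control, such as `Require ssl-verify-client`.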