httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Expired certificates : how to display a contextual message
Date Wed, 07 Apr 2004 07:32:42 GMT
> -----Original Message-----
> From: nicolas.villoutreix@accenture.com
> 
> When I try to connect to mod_sll with an expired client 
> certificate it brings back a
> 'Page Cannot be Displayed' error message. This is for IE.
> 
> Mozilla brings back a contextual pop-up : "could not 
> establish a encrypted connection .... because your 
> certificate is expired."
> 
> Does anyone know how I can get it to return a 'Your 
> certificate has expired' error message that explains a bit 
> more to the client what exaclty happened? Can the server do 
> that or is it only dependent on the client.
> 
> Is there a way to redirect the user to an error page, this 
> way, the message given would not depend on the browser of the 
> client, it would be the same page for all users.

Congratulations for actually searching the archives and reading relevant
posts *before* posting a question!

Regarding your problem, I think the original respondant is correct. The
failure is occurring during the HTTPS session negotiation so no HTTP
connection is ever established so there is no way for the server to
communicate with the client. Basically, apache isn't even aware that the
client has *tried* to connect. The communication looks something like
this:

client: I want to set up an SSL session.
server: OK, I need to see your client cert.
client: Here is the cert.
server: (receives cert - oh no! It's expired!) Sorry, request denied.
client: Oh dear - (warns user with native method, drops connection).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
>  
> 
> There was a similar post nearly two years ago that was rather 
> pessimistic about doing that, you can read it there :
> 
> http://marc.theaimsgroup.com/?l=apache-modssl&m=102461549606425&w=2
> 
> I hope there is a way to do that or to get around it.
> 
> Thanks in advance for any hint on this.
> 
>  
> 
> Nicolas.
> 
> 
> 
> This message is for the designated recipient only and may 
> contain privileged, proprietary, or otherwise private 
> information.  If you have received it in error, please notify 
> the sender immediately and delete the original.  Any other 
> use of the email by you is prohibited.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est
un message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender’s company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender’s company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message