Date: Wed, 7 Apr 2004 10:37:49 +0100
From: Joe Orton
To: nicolas.villoutreix@accenture.com
Cc: users@httpd.apache.org
Subject: Re: [users@httpd] Expired certificates : how to display a contextual message

On Tue, Apr 06, 2004 at 05:26:15PM +0200, nicolas.villoutreix@accenture.com wrote:
> When I try to connect to mod_ssl with an expired client certificate it
> brings back a 'Page Cannot be Displayed' error message. This is for
> IE.
>
> Mozilla brings back a contextual pop-up : "could not establish a encrypted connection .... because your certificate is expired."
>
> Does anyone know how I can get it to return a 'Your certificate has
> expired' error message that explains a bit more to the client what
> exactly happened? Can the server do that or is it only dependent on
> the client.

You can do clever things by using "SSLVerifyClient optional", and then
checking whether the client was verified using mod_rewrite, e.g.:

http://www.modssl.org/docs/apachecon2001/slide-019-n.html

(you'd need to use %{LA-U:SSL_...} trick to get this to work with 2.0)

That gives you a generic "client not verified" error page... I wrote a
patch a while back which adds an SSL_CLIENT_V_REMAIN variable, which
lets you do more sophisticated things like this:

http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105146469801289&q=raw

joe
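
Added example, not part of the original message or of the linked slide or patch: one way to wire up the two ideas in the reply, written for Apache httpd 2.4 with mod_ssl and mod_rewrite loaded. The host name, file paths, page names and the 14-day threshold are assumptions; the `%{SSL:...}` lookup and the `-lt` comparison are 2.4 mod_rewrite syntax, so on 2.0 the `%{LA-U:SSL_...}` form mentioned in the reply would be needed instead.

```apache
<VirtualHost *:443>
    ServerName secure.example.org                              # placeholder host

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt            # placeholder path
    SSLCertificateKeyFile /etc/httpd/ssl/server.key            # placeholder path
    SSLCACertificateFile  /etc/httpd/ssl/client-ca.crt         # CA that issues client certs

    # Request a client certificate but do not require one, so the
    # handshake completes and the server can answer with its own page.
    SSLVerifyClient optional
    SSLVerifyDepth  1

    # Static page explaining that a valid client certificate is needed.
    ErrorDocument 403 /cert-error.html

    RewriteEngine on

    # Generic "client not verified" page: refuse every request except the
    # error page itself unless mod_ssl reports a verified certificate.
    # SSL_CLIENT_VERIFY is NONE, SUCCESS, GENEROUS or FAILED:reason.
    RewriteCond %{REQUEST_URI} !^/cert-error\.html$
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
    RewriteRule ^ - [F]

    # Renewal notice: for verified clients whose certificate has fewer
    # than 14 days left, serve a notice in place of the front page.
    # SSL_CLIENT_V_REMAIN is the number of days until the certificate expires.
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^SUCCESS$
    RewriteCond %{SSL:SSL_CLIENT_V_REMAIN} -lt 14
    RewriteRule ^/$ /cert-expiring.html [L]
</VirtualHost>
```

Because access control here lives in the rewrite rules rather than in the TLS handshake, the first rule has to match every path that needs protection; the error page is the only URL left reachable without a verified certificate.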