httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ezio Paglia <e...@comune.grosseto.it>
Subject [users@httpd] mod-ssl with or without client certificate
Date Thu, 22 Dec 2005 17:02:40 GMT
Server version: Apache/2.0.54

Hi all.

In our virtual hosts we have got a squirrelmail conf through https (without 
client side certificate). It works.

NameVirtualHost *:443

<VirtualHost *:443>
         ServerAdmin ezio@comune.grosseto.it
         ServerName webmail.comune.grosseto.it
         SSLEngine on
         DocumentRoot /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
         php_flag register_globals off
         Options Indexes FollowSymLinks
<IfModule mod_dir.c>
         DirectoryIndex index.php
</IfModule>
<Files configtest.php>
         order deny,allow
         deny from all
         allow from 127.0.0.1
</Files>
</Directory>
</VirtualHost>

I'd like to add another Virtual Host in order to manage client side 
certificates.

<VirtualHost *:443>
         ServerAdmin ezio@comune.grosseto.it
         ServerName ciecns.comune.grosseto.it
         LogLevel debug
         SSLEngine on
         SSLVerifyClient require
         SSLVerifyDepth 3
         SSLCACertificateFile /etc/apache2/ssl/caCerts.pem
         DocumentRoot /var/www/
</VirtualHost>

Now, if I put this section before the squirrelmail, it asks me for the 
certificate even though I point to the squirrelmail, while if the latter is 
the second section, I can access everything without any certificate. It 
sounds like if does not discriminate between client cert and no client 
certificate, it only understand the method invoked in the first virtual host.
Do you have any ideas ?

Ciao and thank you.
Merry Chistmas.
Yours Ezio.

Ezio Paglia
Sistemi e Database
Servizi Informatici (SED)
Comune di Grosseto
Ufficio : +39-0564-488706 Fax : +39-0564-21139 Cellulare : +39-320-7984950


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message