httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-St├ęphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] Override SSLVerifyClient
Date Tue, 10 Jan 2006 10:51:07 GMT
I am puzzled. The following works for me (Apache 2.0.54/Solaris 8):

<VirtualHost labelle16:8443>
   LogLevel warn
   ProxyRequests       Off

   ServerName labelle16

   SSLEngine On
   SSLCertificateFile /u01/etc/x509/ssl.crt/labelle16.crt
   SSLCertificateKeyFile /u01/etc/x509/ssl.key/labelle16.key

   <Location />
      SSLRequireSSL
      SSLVerifyClient Require
   </Location>

   <Location /abc/>
      SSLRequireSSL
      SSLVerifyClient none
   </Location>

</VirtualHost> 

However, contrary to what I thought, if I reverse the order of the Location sections a client
certificate is required in both cases.

-ascs

-----Original Message-----
From: Azwan Adli Abdullah [mailto:azwan@slackweb.net] 
Sent: Monday, January 09, 2006 6:11 PM
To: Axel-St├ęphane SMORGRAV
Cc: users@httpd.apache.org; azwan@slackweb.net
Subject: RE: [users@httpd] Override SSLVerifyClient

Hi,
Tried that but also doesn't work.  Any other clue?

Rgds,
Azwan
> Reverse the order of the two Location sections.
>
> -ascs
>
> -----Original Message-----
> From: Azwan Adli Abdullah [mailto:azwan@slackweb.net]
> Sent: Monday, January 09, 2006 9:14 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] Override SSLVerifyClient
>
> Hi All,
> I have 1 question regarding howto override SSLVerifyClient directive 
> in Location directive.  Let say I have 10 different URLs and 1 of them 
> NO need to verify the client cert and the other 9 need to verify the 
> client cert.  Example that I've tried is as below but seems doesn't work.
>
> <Location />
>   SSLRequireSSL
>   SSLVerifyClient Require
>   Allow from all
> </Location>
>
> <Location /abc>
>    SSLRequireSSL
>    SSLVerifyClient None
>    Allow from all
> </Location>
>
> For the location /abc, it still prompt for client cert.  I've searched 
> through the net but can't find the answer.
>
> Thanks.
> Azwan.
>
> --
> Azwan Adli Abdullah
> Slackweb.net
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


--
Azwan Adli Abdullah
Slackweb.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message