httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject RE: [users@httpd] SSLVerifyClient require in Virtual Host
Date Thu, 02 Mar 2006 08:12:49 GMT
Hi Tony,

if you want run SSL my understanding is
that your server need a certificate and
a key file too or do you have it at another place ?
 SSLCertificateFile    /path/to/conf/ssl.crt/
 SSLCertificateKeyFile /path/to/conf/ssl.key/
Than it would be better not to put your key and
crtificate files in the document root. Make this too:
 SSLCertificateFile    /path/to/conf/ssl.crt/ca.crt
"LogLevel debug" can help you later that you see what is going wrong
during the connection phase between your client and your server



-----Urspr√ľngliche Nachricht-----
Von: Tony Davies []
Gesendet: Do 02.03.2006 00:59
Betreff: [users@httpd] SSLVerifyClient require in Virtual Host

I am running Apache 2.0.55 on a Linux From Scratch box.

I am trying to get an entire virtual host to get an entire virtual host to use client certificates
to authenticate, however I can only get it to work on <Location /> directive (I havent
tried <Directory>) which forces a renogiate.

This is fine for things like Firefox which can handle the renogiation, however I plan on turning
this virtual host into a subversion repository and havent been able to get renogiation to
work with the svn client or javasvn (but that is a whole other problem).

The verifies that a client certificate isnt being sent
with my configuration. After running some tests with SSLVerifyClient require in a <Location
/> directive I can verify that firefox does send a client certificat after a renogiation.

Is this a bug? The Apache 2.0 documentation says that this is valid and should work (The howto
on the apache site for this also says this should work).



My virtual host config is as follows:

<VirtualHost *:443>
        DocumentRoot /srv/www/

        ErrorLog /var/log/apache/
        CustomLog /var/log/apache/ common
        CustomLog /var/log/apache/ "%t %{SSL_CLIENT_I_DN_CN}x

        SSLCACertificateFile /srv/www/ca.crt
        SSLVerifyClient require
        SSLVerifyDepth 1

        SSLOptions +StrictRequire


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message