httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jorge Medina" <>
Subject RE: [users@httpd] mod_ssl + basic auth
Date Thu, 30 Oct 2008 13:55:57 GMT
Try moving SSLVerifyClient outside of the <Directory>, just in your
Also, seems that "optional" is not supported by all browsers. You must
use  "require".


From: Ricardo Ramos [] 
Sent: Wednesday, October 29, 2008 11:06 PM
Subject: [users@httpd] mod_ssl + basic auth

I want to do this: check if the client sends me a certificate which my
self-signed CA has signed or if the client is inside the same network or
if the client enters a username+password.
However, with this, I can't have my browser(s) prompting me for a
certificate.. it just seems that that part is ignored...
Any suggestions?
PS - i've seen already the ssl_howto page (in fact this is a bit based
from there)
Thanks in advance for any help!
        DocumentRoot            /var/www/intra54/html
        SSLEngine               on
        SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
        SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
        SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt

        <Directory /var/www/intra54/html>
                Order                   deny,allow
                Deny                    from all
                Allow                   from

                AuthType                basic
                AuthName                "Area"
                AuthUserFile            /var/www/intra54/passwd/passwd
                Require                 valid-user

                Satisfy                 any

                SSLVerifyClient         optional
                SSLVerifyDepth          1
                SSLOptions              -StrictRequire

#               SSLRequireSSL

View raw message