httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jorge Medina" <jmed...@e-dialog.com>
Subject RE: [users@httpd] mod_ssl + basic auth
Date Thu, 30 Oct 2008 13:55:57 GMT
 
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient
 
Try moving SSLVerifyClient outside of the <Directory>, just in your
<VirtualHost>.  
 
Also, seems that "optional" is not supported by all browsers. You must
use  "require".
 


________________________________

From: Ricardo Ramos [mailto:battery.in.your.leg@gmail.com] 
Sent: Wednesday, October 29, 2008 11:06 PM
To: users@httpd.apache.org
Subject: [users@httpd] mod_ssl + basic auth


Hi!
 
I want to do this: check if the client sends me a certificate which my
self-signed CA has signed or if the client is inside the same network or
if the client enters a username+password.
 
However, with this, I can't have my browser(s) prompting me for a
certificate.. it just seems that that part is ignored...
 
Any suggestions?
 
PS - i've seen already the ssl_howto page (in fact this is a bit based
from there)
 
Thanks in advance for any help!
 
Ricardo
 
<VirtualHost 10.254.0.54:443>
        ServerName              intra54.dei.uc.pt
        DocumentRoot            /var/www/intra54/html
        ServerAdmin             lame@lamest.org
        SSLEngine               on
        SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
        SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
        SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt

        <Directory /var/www/intra54/html>
                Order                   deny,allow
                Deny                    from all
                Allow                   from 10.254.0.0/24

                AuthType                basic
                AuthName                "Area intra54.dei.uc.pt"
                AuthUserFile            /var/www/intra54/passwd/passwd
                Require                 valid-user

                Satisfy                 any

                SSLVerifyClient         optional
                SSLVerifyDepth          1
                SSLOptions              -StrictRequire

#               SSLRequireSSL
        </Directory>
</VirtualHost>



Mime
View raw message