httpd-users mailing list archives

From Brian Mearns <mearn...@gmail.com>
Subject Re: [users@httpd] IE7 Client Auth with SSL Certs
Date Sun, 18 Jan 2009 18:12:34 GMT
On Sun, Jan 18, 2009 at 9:09 AM, Eray Aslan <eray.aslan@caf.com.tr> wrote:
> I cannot get IE7 Windows Vista clients to authenticate with SSL Certs.
> Browser lets me choose the certificate but results in "Cannot display
> the web page..".  Server logs just the generic:
>
> Jan 18 14:00:01 sunny apache2-TL: 62.x.x.x - - [18/Jan/2009:14:00:01
> +0000] "GET /secure HTTP/1.1" 403 -
>
> Windows XP clients with IE6 can access the web pages with no problem.
> Searching the archives makes me think that Firefox should have no
> problems as well.  So basically it is a problem with IE7.
>
> Any pointers to make IE7 authenticate with client SSL certs to the web
> server?  Are there any workarounds?
>
> Apache 2.2.10
>
> Settings:
>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/apache2/ssl/apacheCert.pem
> SSLCertificateKeyFile /etc/apache2/ssl/apache.key
> SSLCACertificateFile /var/www/xxx.xxx/htdocs/cacert.crt
> SSLCARevocationFile /var/www/xxx.xxx/htdocs/crl.pem
> SSLVerifyClient none
> <Location /secure>
>     SSLVerifyClient require
>     SSLVerifyDepth 1
> </Location>
>
> Thank you
> --
> Eray

I've got this in my SSL config, based on something that was in the
example config file:

# Bend forward for MicroSloth
BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0

But it doesn't really look like it's related to client auth. Might be
worth a try, though.


-Brian
-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

