httpd-users mailing list archives

From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] user certificates with apache
Date Wed, 11 Feb 2009 13:10:11 GMT
On Tue, Feb 10, 2009 at 11:43 PM, - - <jensiragh@hotmail.de> wrote:
>
> Hi,
>
> I recently set up an environment for testing client certificate based
> authentication on an apache webserver. The test environment is a recent Ubuntu
> 8.10 distro with tinyca2 0.7.5 and apache 2.2.9. I have set up a test root CA,
> two certificates signed by this CA: One for the webserver and one for the user.
> Everything done by tinyca2. First I configured apache to allow only
> ssl-connections (no client certificates yet): Everything worked so far: /var/www
> is only accessible via https. Now I added a new subdirectory /var/www/secret
> with a dummy index.html which should only be accessible by users which provide a
> certificate. So I added this to my sites-enabled/foo.conf:
>
> ...
> SSLVerifyClient none
> ...
>
> SSLVerifyClient require
> SSLVerifyDepth 2
> SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> and %{SSL_CLIENT_S_DN_CN} eq "My name in CN of certificate" )
>
>
> What I expected was: outside of /var/www/secret (i.e. in /var/www or
> /var/www/public) documents are accessible by everyone, only inside of
> /var/www/secret a user needs to provide his certificate.
> What I got was: apache asks for the user's certificate no matter which document
> is requested (i.e. inside AND outside of /var/www/secret).
>

Can you post your verbatim configuration? The operative context isn't
really shown.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
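
The reply above turns on which container each SSLVerifyClient line sits in. As an added example (not part of the thread and not the poster's configuration), this Python script reports the enclosing container of every SSLVerifyClient directive in a config and flags any non-"none" setting outside a per-directory container. The sample config and its container lines are constructed assumptions, and the parser handles only simple one-per-line `<Section arg>` nesting, not Include files or line continuations.

```python
import re

# Constructed sample. The <VirtualHost>/<Directory> containers are assumed;
# the message in the thread does not show them.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLVerifyClient none
    <Directory /var/www/secret>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*([A-Za-z]+)\s*([^>]*)>")
CLOSE = re.compile(r"</\s*([A-Za-z]+)\s*>")
PER_DIR = ("directory", "location", "files")  # also matches the *Match variants

def verify_client_contexts(conf_text):
    """Return (line_no, value, containers) for each SSLVerifyClient directive."""
    stack, found = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append(f"{m.group(1)} {m.group(2).strip()}".strip())
            continue
        parts = line.split()
        if parts[0].lower() == "sslverifyclient":
            found.append((no, parts[1] if len(parts) > 1 else "", tuple(stack)))
    return found

def vhost_wide_requirements(conf_text):
    """Directives other than 'none' that sit outside any per-directory container."""
    return [f for f in verify_client_contexts(conf_text)
            if f[1].lower() != "none"
            and not any(c.lower().startswith(PER_DIR) for c in f[2])]

if __name__ == "__main__":
    for no, value, ctx in verify_client_contexts(SAMPLE_CONF):
        print(f"line {no}: SSLVerifyClient {value} in {' > '.join(ctx) or 'server config'}")
```

An empty result from `vhost_wide_requirements` means every certificate requirement is scoped to a per-directory container; a non-empty one lists the lines that apply to the whole server or virtual host.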