httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Berube, Steve (HP Software)" <steve.ber...@hp.com>
Subject RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.
Date Tue, 27 Oct 2009 14:21:32 GMT
My test originally was this
<Location />
     SSLVerifyClient require

     SSLVerifyDepth 10

     SSLOptions +StdEnvVars
</location>

Same issue whether based on a directory or using the root location.
I'm still trying to figure out why one and only IE works, but no others.
I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)

ERROR_INTERNET_SECURITY_CHANNEL_ERROR

Nothing else at all in the trace.

If I go to the root url (which is SSL Enabled, but no client verify)

I will try your suggestion of wireshark.


-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, October 27, 2009 10:17 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication
issue.

On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
<steve.berube@hp.com> wrote:
> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
>
> </Directory>


Can you simplify your testing by setting this outside of per-directory
config?  Have you used wireshark to see if Apache is sending the
proper list of trusted certificates that line up with whoever signed
your certs in your HW device?

Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
might help?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message