httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan Brown" <em745...@blueyonder.co.uk>
Subject Re: [users@httpd] SSL Client Authentication Problem
Date Wed, 29 Dec 2010 11:48:07 GMT
----- Original Message ----- 
From: "Joost de Heer" <joost@sanguis.xs4all.nl>
To: <users@httpd.apache.org>
Sent: Wednesday, December 29, 2010 7:33 AM
Subject: Re: [users@httpd] SSL Client Authentication Problem


>> The browser is supposed to request which client
>> certificate the user wants to use, then I can select the one I created 
>> and
>> signed with ca.crt, which I have set as a trusted CA in the browser.
>
> Did you import the client certificate in the browser?
>
> Joost
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Hi,

I have imported client certificate into the browsers, and it makes no 
difference. All browsers stop immediately with the error, though Safari does 
get as far as displaying the Client Cert Selection dialog, but then it too 
encounters the error.

Even if client cert is not installed the browser should still come up with a 
dialog, eg as described in this article :-

http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-3

I note some other people have encountered this same problem, eg with Apache 
on FreeBSD :-

http://forums.freebsd.org/showthread.php?t=5816

I think would be useful to have this feature as it adds an additional level 
of security, in that the user must have this certificate, as well as possess 
login information such as username and password, to access the secure site.

I have searched Google high and low and cannot find any evidence there is a 
bug in Apache which is causing this. Its happening on all major browsers, 
and on two platforms ie XP and FreeBSD, so maybe it is a bug, or what could 
be wrong with the config or creation of the certs and keys?

Regards,
Alan.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message