httpd-users mailing list archives

From Daniel Ruggeri <DRugg...@primary.net>
Subject Re: [users@httpd] Strange log in ssl server?
Date Fri, 15 Mar 2013 13:47:27 GMT
On 3/13/2013 1:50 AM, Felix Rubio Dalmau wrote:
> Hi,
>
> I've secured my apache by using SSL certificates (self-signed CA) for both server
> and clients, and I require them from the clients in order to connect. However, I
> have found these entries in ssl_access.log:
>
> 110.5.109.100 - - [03/Mar/2013:16:15:56 +0100] "GET /" 400 458 "-" "-"
> 93.174.88.31 - - [07/Mar/2013:15:25:54 +0100] "GET /" 400 458 "-" "-"
>
> If those clients do not have the certificates (I'm sure of that), and the
> negotiation is supposed to be encrypted because of the SSL, how is it possible that
> they have reached the point to do a "GET /"? Am I missing something? I thought
> that SSL negotiation was performed before the requesting of any page :-s
>
> Regards
>
> Felix
>

Hello, Felix;
   What you have probably configured is server-side SSL only (can
confirm if you post some config snippets). This would mean there are no
requirements at the transport layer for the client to have a
certificate. If you want to require the client to have a certificate,
you can use these directives:

SSLVerifyClient require
SSLCACertificateFile /path/to/your/CA/cert.pem

The word of caution here is that all users will have to present a client
certificate - which would mean they have to have them available to their
browsers or they will never be able to make a request.

--
Daniel Ruggeri
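
An added example, not part of Daniel's message and not Apache project code: a small Python audit that reports, for each SSL-enabled <VirtualHost>, whether SSLVerifyClient require and a CA are in effect at server or vhost level. The sample configuration and host names are constructed; Include files and directives inside nested sections such as <Location> or <IfModule> are not evaluated.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
SSLCACertificateFile /path/to/your/CA/cert.pem
<VirtualHost *:443>
    ServerName open.example
    SSLEngine on
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    ServerName mtls.example
    SSLEngine on
    SSLVerifyClient require
</VirtualHost>
"""

def verdict(eff):
    mode = eff.get("sslverifyclient", "none").lower()  # mod_ssl default is "none"
    has_ca = "sslcacertificatefile" in eff or "sslcacertificatepath" in eff
    if mode != "require":
        return f"handshake succeeds without a client certificate ({mode})"
    return "client certificate required" if has_ca else "require set, but no CA to verify against"

def audit_client_cert(conf_text):
    """Map each SSL-enabled <VirtualHost> (by ServerName) to a verdict."""
    server, vhost, depth, report = {}, None, 0, {}
    for line in (l.strip() for l in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if depth:
                depth -= 1                      # leaving a nested section
            elif vhost is not None:
                eff = {**server, **vhost}       # vhost values override server-level ones
                if eff.get("sslengine", "off").lower() == "on":
                    report[eff.get("servername", "(unnamed)")] = verdict(eff)
                vhost = None
        elif line.startswith("<"):
            if vhost is None and re.match(r"<VirtualHost\b", line, re.I):
                vhost = {}
            else:
                depth += 1                      # <Location>, <Directory>, <IfModule>, ...
        elif depth == 0:                        # only server- and vhost-level directives
            key, value = (line.split(None, 1) + [""])[:2]
            (server if vhost is None else vhost)[key.lower()] = value.strip()
    return report
```

Calling audit_client_cert(SAMPLE_CONF) flags open.example even though /admin sets SSLVerifyClient require, because a per-location setting is not enforced at the initial handshake.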

