
List:       apache-ssl
Subject:    [apache-ssl] Client authentication
From:       Sorin Marti <mas () semafor ! ch>
Date:       2003-09-18 8:20:30

Hi all,

I am trying to set up an Intranet page where the client is automatically 
authenticated with a certificate. The necessary user information I want 
to get from an LDAP directory...

I've been trying for a few days now, but I can't get it working the right way. 
Can anyone tell me how to adapt httpd.conf (current conf attached) to my 
needs, and how to create certificates with openssl for clients...

Are there any good tutorials available?


Part of my current httpd.conf:
------------------------------
<VirtualHost www2-i.semafor.ch:443>
DocumentRoot "/srv/www/htdocs/intra"
ServerName www2-i.semafor.ch
SSLEngine on
SSLProtocol all
SSLCipherSuite  HIGH:MEDIUM

#SSLCertificateFile /etc/apache2/ssl.crt/semafor.ch.crt
#SSLCertificateKeyFile /etc/apache2/ssl.key/semafor.ch.key

SSLVerifyClient none

SSLCACertificatePath /etc/apache2/certs/certs/
SSLCACertificateFile /etc/apache2/certs/certs/CA.crt

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_request_semafor.ch.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

<Location /verifyC>
  SSLVerifyClient require
  SSLVerifyDepth 2
</Location>
</VirtualHost>
----------------------------------

As I understand this configuration, I've got the URL "www2-i.semafor.ch" 
where I don't have to authenticate the client, and the URL 
"www2-i.semafor.ch/verifyC" where I have to.

If I access www2-i.semafor.ch I have to enter the password for the 
client certificate... why?

If I access www2-i.semafor.ch/verifyC/ I have to enter my password again, 
and I get an error:
An error occured while loading https://www2-i.semafor.ch/verifyC/:
Connection to host www2-i.semafor.ch is broken

The Apache error_log says:
---------------------------
[error] Re-negotiation handshake failed: Client verification failed
[error] Re-negotiation handshake failed: Not accepted by client!?
[notice] child pid 20990 exit signal Segmentation fault (11)

The ssl_request_semafor.ch.log says:
------------------------------------
XX.XX.XX.XX SSLv3 RC4-MD5 "GET / HTTP/1.1" 552
XX.XX.XX.XX - - "GET /verifyC/ HTTP/1.1" 383


So what's wrong? I don't understand these errors...

My apache: 2.0.44
My OS: SuSE Linux 8.2
My openssl: 0.9.6i [engine] Feb 19 2003

If you have any ideas or links, please help.

    Thanks in advance
        Sorin
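The post asks how to create client certificates with openssl for a setup like the one above (SSLCACertificateFile pointing at CA.crt, SSLVerifyDepth limiting the chain). The script below is an added example, not the poster's code: it builds a private CA, issues a client certificate from it, bundles it as PKCS#12 for the browser, and checks the chain the way mod_ssl would. It assumes a current openssl in PATH (the flags used here postdate 0.9.6i); directory and subject names are made up.

```shell
#!/bin/sh
# Added example (not from the original post): private CA + client cert,
# checked against the CA file as mod_ssl does with SSLCACertificateFile.
# Assumes a modern openssl; paths, subjects and the PKCS#12 password are
# placeholders chosen for this demonstration.
set -e

# make_client_cert DIR CN -> DIR/CA.crt, DIR/CN.crt, DIR/CN.key, DIR/CN.p12
make_client_cert() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    # 1. Self-signed CA. This is the file to name in SSLCACertificateFile;
    #    keep CA.key off the web server, it only ever signs CSRs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/O=Example Intranet/CN=Intranet CA" \
        -keyout "$dir/CA.key" -out "$dir/CA.crt" 2>/dev/null
    # 2. Client key and certificate request (CN is what mod_ssl exposes
    #    as SSL_CLIENT_S_DN_CN, the value an LDAP lookup would key on).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Intranet/CN=$cn" \
        -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null
    # 3. CA signs the request. Chain is client -> CA, i.e. directly
    #    issued, so SSLVerifyDepth 1 is already enough for it.
    openssl x509 -req -days 365 -in "$dir/$cn.csr" \
        -CA "$dir/CA.crt" -CAkey "$dir/CA.key" -CAcreateserial \
        -out "$dir/$cn.crt" 2>/dev/null
    # 4. PKCS#12 bundle to import into the browser; the export password
    #    is what the browser will ask for when the cert is used.
    openssl pkcs12 -export -in "$dir/$cn.crt" -inkey "$dir/$cn.key" \
        -name "$cn" -passout pass:changeit -out "$dir/$cn.p12"
}

# verify_client_cert CAFILE CERT DEPTH -> "ok" if CERT chains to CAFILE
# within DEPTH issuer certificates, otherwise "fail". This is the same
# check mod_ssl performs when SSLVerifyClient require is in effect.
verify_client_cert() {
    if openssl verify -CAfile "$1" -verify_depth "$3" "$2" >/dev/null 2>&1
    then
        echo ok
    else
        echo fail
    fi
}
```

A certificate issued by a different CA (or a self-signed one not in CA.crt) is reported as "fail", which is what shows up in error_log as "Client verification failed".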

