List: apache-ssl
Subject: [apache-ssl] Client authentication
From: Sorin Marti <mas () semafor ! ch>
Date: 2003-09-18 8:20:30
Hi all,

I am trying to set up an intranet page where the client is automatically
authenticated with a certificate. The necessary user information I want
to get from an LDAP directory...

I've been trying for a few days now but I can't get it to work the right way.
Can anyone tell me how to adapt httpd.conf (current conf attached) to my
needs and how to create certificates with openssl for clients...
Are there any good tutorials available?

Part of my current httpd.conf:
------------------------------
<VirtualHost www2-i.semafor.ch:443>
    DocumentRoot "/srv/www/htdocs/intra"
    ServerName www2-i.semafor.ch
    SSLEngine on
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
    #SSLCertificateFile /etc/apache2/ssl.crt/semafor.ch.crt
    #SSLCertificateKeyFile /etc/apache2/ssl.key/semafor.ch.key
    SSLVerifyClient none
    SSLCACertificatePath /etc/apache2/certs/certs/
    SSLCACertificateFile /etc/apache2/certs/certs/CA.crt
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /var/log/apache2/ssl_request_semafor.ch.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    <Location /verifyC>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>
</VirtualHost>
----------------------------------

As I understand this configuration, I've got the URL "www2-i.semafor.ch"
where I don't have to authenticate the client and the URL
"www2-i.semafor.ch/verifyC" where I have to.

If I access www2-i.semafor.ch I have to enter the password for the
client certificate... why?

If I access www2-i.semafor.ch/verifyC/ I have to enter my password again
and I get an error:

    An error occured while loading https://www2-i.semafor.ch/verifyC/:
    Connection to host www2-i.semafor.ch is broken

The Apache error_log says:
---------------------------
[error] Re-negotiation handshake failed: Client verification failed
[error] Re-negotiation handshake failed: Not accepted by client!?
[notice] child pid 20990 exit signal Segmentation fault (11)

The ssl_request_semafor.ch.log says:
------------------------------------
XX.XX.XX.XX SSLv3 RC4-MD5 "GET / HTTP/1.1" 552
XX.XX.XX.XX - - "GET /verifyC/ HTTP/1.1" 383

So what's wrong? I don't understand these errors...

My apache: 2.0.44
My OS: SuSE Linux 8.2
My openssl: 0.9.6i [engine] Feb 19 2003

If you have any ideas or links, please help.

Thanks in advance
Sorin
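
Added example, not part of the original message and not Apache's own tooling: a small Python audit for the ssl_request log format defined by the CustomLog line above. It flags requests logged with empty SSL variables (like the /verifyC/ line) and sessions on deprecated protocols or weak ciphers (like SSLv3 with RC4-MD5); the function names, finding labels and the third sample line are assumptions made for illustration.

```python
import re

# CustomLog format from the message: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
# The leading [%t] field is optional because the quoted log lines omit it.
LINE_RE = re.compile(
    r'^(?:\[(?P<time>[^\]]*)\]\s+)?'
    r'(?P<host>\S+)\s+(?P<proto>\S+)\s+(?P<cipher>\S+)\s+'
    r'"(?P<request>(?:[^"\\]|\\.)*)"\s+(?P<size>\d+|-)$'
)

# Protocol versions that are deprecated today, and cipher-name components
# that mark a weak suite (hypothetical labels chosen for this example).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_PARTS = {"RC4", "MD5", "DES", "EXP", "NULL"}


def audit_line(line):
    """Return (request, findings) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    proto, cipher = m["proto"], m["cipher"]
    findings = []
    if proto == "-" or cipher == "-":
        # "-" means the SSL variable was empty when the request was logged,
        # as on the /verifyC/ line where the renegotiation failed.
        findings.append("no-ssl-session")
    else:
        if proto in LEGACY_PROTOCOLS:
            findings.append("legacy-protocol:" + proto)
        weak = sorted(WEAK_CIPHER_PARTS & set(cipher.split("-")))
        if weak:
            findings.append("weak-cipher:" + "+".join(weak))
    return m["request"], findings


def audit(lines):
    """Keep only the parsed lines that produced at least one finding."""
    return [r for r in map(audit_line, lines) if r and r[1]]


# Sample input: the first two lines are quoted from the message; the third is
# constructed to show the optional %t field and a session with no findings.
SAMPLE = [
    'XX.XX.XX.XX SSLv3 RC4-MD5 "GET / HTTP/1.1" 552',
    'XX.XX.XX.XX - - "GET /verifyC/ HTTP/1.1" 383',
    '[18/Sep/2003:08:20:30 +0200] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /verifyC/ HTTP/1.1" 1024',
]

if __name__ == "__main__":
    for request, findings in audit(SAMPLE):
        print(request, findings)
```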