
List:       apache-ssl
Subject:    Re: [apache-ssl] Client authentication
From:       Ben Laurie <ben () algroup ! co ! uk>
Date:       2003-09-22 15:57:35

Sorin Marti wrote:

> Hi all,
> 
> I am trying to set up an intranet page where the client is automatically
> authenticated with a certificate. The necessary user information I want
> to get from an LDAP directory...
> 
> I've been trying for a few days now but I can't get it to work the right way.
> Can anyone tell me how to adapt httpd.conf (current conf attached) to my
> needs and how to create certificates with openssl for clients...
> 
> Are there any good tutorials available?
> 
> 
> Part of my current httpd.conf:
> ------------------------------
> <VirtualHost www2-i.semafor.ch:443>
> DocumentRoot "/srv/www/htdocs/intra"
> ServerName www2-i.semafor.ch
> SSLEngine on
> SSLProtocol all
> SSLCipherSuite  HIGH:MEDIUM
> 
> #SSLCertificateFile /etc/apache2/ssl.crt/semafor.ch.crt
> #SSLCertificateKeyFile /etc/apache2/ssl.key/semafor.ch.key
> 
> SSLVerifyClient none
> 
> SSLCACertificatePath /etc/apache2/certs/certs/
> SSLCACertificateFile /etc/apache2/certs/certs/CA.crt
> 
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog /var/log/apache2/ssl_request_semafor.ch.log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> <Location /verifyC>
>  SSLVerifyClient require
>  SSLVerifyDepth 2
> </Location>
> </VirtualHost>
> ----------------------------------
> 
> As I understand this configuration I've got the URL "www2-i.semafor.ch"
> where I don't have to authenticate the client and the URL
> "www2-i.semafor.ch/verifyC" where I have to.
> 
> If I access www2-i.semafor.ch I have to enter the password for the
> client certificate... why?
> 
> If I access www2-i.semafor.ch/verifyC/ I have to enter my password again
> and I get an error:
> An error occured while loading https://www2-i.semafor.ch/verifyC/:
> Connection to host www2-i.semafor.ch is broken
> 
> The Apache error_log says:
> ---------------------------
> [error] Re-negotiation handshake failed: Client verification failed
> [error] Re-negotiation handshake failed: Not accepted by client!?
> [notice] child pid 20990 exit signal Segmentation fault (11)
> 
> The ssl_request_semafor.ch.log says:
> ------------------------------------
> XX.XX.XX.XX SSLv3 RC4-MD5 "GET / HTTP/1.1" 552
> XX.XX.XX.XX - - "GET /verifyC/ HTTP/1.1" 383
> 
> 
> So what's wrong? I don't understand these errors...
> 
> My apache: 2.0.44
> My OS: SuSE Linux 8.2
> My openssl: 0.9.6i [engine] Feb 19 2003
> 
> If you have any ideas or links, please help.

Or, of course, switch to Apache-SSL and ask here :-)

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
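The setup the quoted message asks about, issuing client certificates with openssl and checking them against the CA the server lists in SSLCACertificateFile, as an added example: this is a lab script written for this page, not code from the thread, from Apache or from Apache-SSL. Everything in it is an assumption (the CA and user names intranet-ca, other-ca, alice and bob, the organisation name, the export password, the scratch directory). It builds two CAs, issues one client certificate from each, bundles alice's key and certificate into a PKCS#12 file a browser can import, and shows that only the certificate chaining to the trusted CA passes the check mod_ssl performs for SSLVerifyClient require; the rejected one is the situation behind a "Client verification failed" entry in error_log. It also prints the subject DN, the value mod_ssl exposes to scripts as SSL_CLIENT_S_DN and the natural lookup key for the LDAP directory the question mentions.

```shell
#!/bin/sh
# Added lab example (not from the original thread): build a private CA, issue
# client certificates with openssl, and check them the way mod_ssl checks a
# presented certificate against SSLCACertificateFile. All names, paths and
# the export password are assumptions for a throw-away lab.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 1; }

# Everything is written under a scratch directory so no system path is touched.
WORK="${WORK:-$(mktemp -d)}"

# A minimal openssl config so the extensions do not depend on the system's
# openssl.cnf: the CA must carry CA:TRUE, the client cert gets clientAuth.
write_config() {
  cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
O = Example Intranet
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
[ v3_client ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = clientAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
EOF
}

# Self-signed CA named "$1"; its .crt is what the server lists in
# SSLCACertificateFile (and what it advertises to browsers as acceptable).
make_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
      -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -days 3650 \
      -subj "/O=Example Intranet/CN=$1"
}

# Client key + CSR for "$1", signed by CA "$2" with the v3_client extensions.
issue_client_cert() {
  name="$1"; ca="$2"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
      -keyout "$WORK/$name.key" -out "$WORK/$name.csr" \
      -subj "/O=Example Intranet/CN=$name"
  openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$ca.crt" \
      -CAkey "$WORK/$ca.key" -CAcreateserial -days 365 \
      -extfile "$WORK/openssl.cnf" -extensions v3_client \
      -out "$WORK/$name.crt"
}

# Bundle key and certificate (plus the CA) into PKCS#12 for a browser import.
# The export password protects the private key inside the .p12 file.
bundle_for_browser() {
  name="$1"; ca="$2"; password="$3"
  openssl pkcs12 -export -in "$WORK/$name.crt" -inkey "$WORK/$name.key" \
      -certfile "$WORK/$ca.crt" -name "$name" -passout "pass:$password" \
      -out "$WORK/$name.p12"
}

# Server-side check: does cert "$1" chain to trusted CA "$2"? Echoes
# accepted/rejected and returns 0/1; "rejected" is what mod_ssl logs as
# "Client verification failed".
verify_client_cert() {
  if openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
    return 1
  fi
}

# Subject DN of cert "$1" in RFC 2253 form, the value mod_ssl exposes as
# SSL_CLIENT_S_DN and the natural key for an LDAP lookup.
client_dn() {
  openssl x509 -in "$WORK/$1.crt" -noout -subject -nameopt RFC2253 \
      | sed 's/^subject= *//'
}

# Lab run: the trusted CA issues alice's cert; an unrelated CA issues bob's.
write_config
make_ca intranet-ca
make_ca other-ca
issue_client_cert alice intranet-ca
issue_client_cert bob other-ca
bundle_for_browser alice intranet-ca changeit
echo "alice: $(verify_client_cert alice intranet-ca) ($(client_dn alice))"
echo "bob:   $(verify_client_cert bob intranet-ca || true) ($(client_dn bob))"
echo "lab files are in $WORK"
```

Run it with `sh` on any machine with openssl; it leaves the CA, keys, certificates and `alice.p12` in the scratch directory it prints. The server only needs `intranet-ca.crt` (as SSLCACertificateFile); the client imports `alice.p12` with the export password. Keeping the CA key off the web server is the point of splitting the files this way.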
