List: apache-ssl
Subject: Re: [apache-ssl] Client authentication
From: Ben Laurie <ben () algroup ! co ! uk>
Date: 2003-09-22 15:57:35
Sorin Marti wrote:
> Hi all,
>
> I am trying to set up an Intranet-page where the client is automatically
> authenticated with a certificate. The necessary user information I want
> to get from an LDAP-directory...
>
> I've been trying around a few days now but I don't get it the right way.
> Can anyone tell me how to adapt httpd.conf (current conf attached) to my
> needs and how to create certificates with openssl for clients...
>
> Are there any good tutorials available?
>
>
> Part of my current httpd.conf:
> ------------------------------
> <VirtualHost www2-i.semafor.ch:443>
> DocumentRoot "/srv/www/htdocs/intra"
> ServerName www2-i.semafor.ch
> SSLEngine on
> SSLProtocol all
> SSLCipherSuite HIGH:MEDIUM
>
> #SSLCertificateFile /etc/apache2/ssl.crt/semafor.ch.crt
> #SSLCertificateKeyFile /etc/apache2/ssl.key/semafor.ch.key
>
> SSLVerifyClient none
>
> SSLCACertificatePath /etc/apache2/certs/certs/
> SSLCACertificateFile /etc/apache2/certs/certs/CA.crt
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog /var/log/apache2/ssl_request_semafor.ch.log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> <Location /verifyC>
> SSLVerifyClient require
> SSLVerifyDepth 2
> </Location>
> </VirtualHost>
> ----------------------------------
>
> As I understand this configuration I've got the URL "www2-i.semafor.ch"
> where I don't have to authenticate the client and the URL
> "www2-i.semafor.ch/verifyC" where I have to.
>
> If I access www2-i.semafor.ch I have to enter the password for the
> client certificate... why?
>
> If I access www2-i.semafor.ch/verifyC/ I have to enter my password again
> and I get an error:
> An error occured while loading https://www2-i.semafor.ch/verifyC/:
> Connection to host www2-i.semafor.ch is broken
>
> The Apache error_log says:
> ---------------------------
> [error] Re-negotiation handshake failed: Client verification failed
> [error] Re-negotiation handshake failed: Not accepted by client!?
> [notice] child pid 20990 exit signal Segmentation fault (11)
>
> The ssl_request_semafor.ch.log says:
> ------------------------------------
> XX.XX.XX.XX SSLv3 RC4-MD5 "GET / HTTP/1.1" 552
> XX.XX.XX.XX - - "GET /verifyC/ HTTP/1.1" 383
>
>
> So what's wrong? I don't understand these errors...
>
> My apache: 2.0.44
> My OS: SuSE Linux 8.2
> My openssl: 0.9.6i [engine] Feb 19 2003
>
> If you have any ideas or links, please help.
Or, of course, switch to Apache-SSL and ask here :-)
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
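
Added example, not part of the thread and not code from either poster: one way to create a test CA and a client certificate with openssl, and to check offline that the client certificate verifies against the CA file within depth 2, which is the condition `SSLVerifyClient require` with `SSLVerifyDepth 2` places on `/verifyC`. The function names, file names, subject names and the `P12_PASS` variable are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA + client certificate, then an offline chain check.
# All file names, subject names and P12_PASS are constructed for this demo.

# make_ca DIR: self-signed test CA (key DIR/CA.key, certificate DIR/CA.crt)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Example Intranet/CN=Example Test CA" \
        -keyout "$1/CA.key" -out "$1/CA.crt" 2>/dev/null
}

# make_client DIR NAME: key and CSR for NAME, signed by the CA stored in DIR
make_client() {
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Intranet/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/CA.crt" -CAkey "$1/CA.key" \
        -CAcreateserial -sha256 -days 30 -out "$1/$2.crt" 2>/dev/null
}

# chain_ok CAFILE CERT [DEPTH]: exit status 0 only if CERT verifies against
# CAFILE as an SSL client certificate within DEPTH (default 2)
chain_ok() {
    openssl verify -purpose sslclient -verify_depth "${3:-2}" \
        -CAfile "$1" "$2" >/dev/null 2>&1
}

# to_p12 DIR NAME: bundle key, certificate and CA into DIR/NAME.p12 for browser
# import; the export password is read from $P12_PASS, not the command line
to_p12() {
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -certfile "$1/CA.crt" -name "$2" -passout env:P12_PASS \
        -out "$1/$2.p12"
}

# Stand-alone run: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_ca "$d" && make_client "$d" alice &&
        chain_ok "$d/CA.crt" "$d/alice.crt" 2 &&
        echo "alice.crt verifies against $d/CA.crt"
fi
```

Running `chain_ok` with the file named in `SSLCACertificateFile` and the certificate the browser presents shows whether that certificate chains to that CA before the server is involved.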