Hi everybody,

I'm quite new to the mailing list, found some similar stuff in it but
nothing that can solve my problem.

Here is the story:

I ran mod-ssl 2.3.5-openssl 0.9.3-apache 1.3.6 on an x86 machine with
Linux Red-Hat 6.0 (don't remember Kernel Version).


I configured my apache-ssl server with my server.crt, server.key and
ca.crt files.

                    ***Note****

My client (1024-bit key) certificate was successfully created, signed
with ca.crt and imported into my Netscape 4.51 web browser in pkcs12
format

                    ***End-Note***



        SSLCertificateFile /some-path/server.crt
        SSLCertificateKeyFile /some-path/server.key


Then I wanted only my self-signed CA to recognize certificates:

        #   Note: Inside SSLCACertificatePath you need hash symlinks
        #         to point to the certificate files. Use the provided
        #         Makefile to update the hash symlinks after changes.

Done.


        SSLCACertificatePath /some-path/
        SSLCACertificateFile /some-path/ca.crt

        SSLVerifyClient            none




When I start httpd with ssl all works fine, but if I reconfigure it
with a per-directory access restriction


            <Directory /some-directory>
            SSLVerifyClient             require
            # sometimes I used 5 but the result still didn't change
            SSLVerifyDepth            1
            SSLOptions                   +FakeBasicAuth
            SSLRequireSSL
            SSLRequire                    %{SSL_CLIENT_S_DN_O} eq "something"
            </Directory>


Then the server asks me for a certificate for every page, frame, gif or
whatever it must load from this directory.

Finally I added     +OptRenegotiate     in the SSLOptions directive, and
the server asks me for a certificate, but when I click on the Continue
button the answer is:

        You don't have permission to access /some-directory/ on ..............

The error_log file is something like this:

        Cannot find peer certificate chain

Where?

Thanks in advance for help.


Paolo Di Martino
Omega    Generation







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
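
The configuration comment quoted in the post says SSLCACertificatePath needs hash symlinks. As an added example (not part of the original message and not mod_ssl's own Makefile), the script below checks that a CA certificate is reachable through its hash link and that a client certificate verifies through the hashed directory. The function names, the argument paths and the fixed `.0` link suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for a hashed CA directory (as used by
# SSLCACertificatePath) and a client certificate. All paths are arguments.

# Print the subject-name hash OpenSSL uses to find a CA in a hashed directory.
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# Return 0 if ca_dir holds a <hash>.N entry that resolves to the same
# certificate as ca_file (compared by fingerprint), 1 if not.
ca_dir_has_link() {
    ca_file=$1; ca_dir=$2
    h=$(cert_hash "$ca_file") || return 2
    want=$(openssl x509 -noout -fingerprint -in "$ca_file") || return 2
    for link in "$ca_dir/$h".[0-9]*; do
        [ -e "$link" ] || continue          # unmatched glob or dangling link
        got=$(openssl x509 -noout -fingerprint -in "$link" 2>/dev/null)
        [ "$got" = "$want" ] && return 0
    done
    return 1
}

# Create the hash symlink for a CA file that already lives inside ca_dir.
# Assumption: no other CA in the directory shares the hash, so ".0" is free.
make_hash_link() {
    ca_file=$1; ca_dir=$2
    h=$(cert_hash "$ca_file") || return 2
    ln -sf "$(basename "$ca_file")" "$ca_dir/$h.0"
}

# Return 0 if the client certificate verifies using the hashed directory.
# OpenSSL may also consult its default trust store in addition to ca_dir.
client_verifies_via_dir() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}
```

A client certificate issued directly by the CA should fail `client_verifies_via_dir` while the link is missing and pass once `make_hash_link` has been run.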