AW: question on client authentication using certificates

Wed, 07 Feb 2001 00:22:58 -0800 

Hi,

I had the Netscape Problem too. I didn't get an answer up to now.
The only way to get around this I found up to now is to configure to send
the certificate automatically, instead of asking.

If you find a better solution, please let me know.

Tnx

  Stefan

-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 6. Februar 2001 23:50
An: [EMAIL PROTECTED]
Betreff: question on client authentication using certificates


Howdy,

I am having a problem with modssl certificate based client authentication
that
will undoubtedly have a simple answer.  

Currently, I have a CA certificate that I use to sign all my client
certificates.  On the apache+modssl server I want to use certificate based
authentication.  The client need only have a certificate signed by the CA to
obtain access to the site.  I added the following directives to the
httpd.conf
as per the modssl Howto.

SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /path/to/file.crt

After turning the server over, I made the following discoveries:

- On Netscape, it will request my certificate for authentication.  The
problem
is, it requests it for every single page and image (on a page with several
images the dialog box pops up once for each image).  If I click on a link,
it
starts the cycle over again (requesting certificates for the new page and
the
images).

- On Internet Explorer, the dialog box requesting the certificate for
authentication pops up, but then I get an error page (One of the vanilla IE
error pages:  Cannot find server or DNS Error)

I plan to keep working on it, but any help would be greatly appreciated.  My
configuration information is listed below:

Netscape 4.75
Internet Explorer 5.00.292
Apache 1.3.17 + mod_ssl 2.8 (latest greatest)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to