Hello all,

I'm trying to set up a website that allows client certs if a client has one, but uses HTTP basic auth over SSL otherwise. Using the example at:

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC10

as a guide, I came up with the following:

###
SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +FakeBasicAuth +StrictRequire
<Location />
    Satisfy any
    Order deny,allow
    Deny from all
    Allow from 10.1.1
    Allow from localhost
    AuthType Basic
    AuthUserFile /etc/httpd/conf/users
    AuthName "Test"
    Require valid-user
</Location>
###

I moved the SSL-related lines out of the Location container to avoid these errors:

[Tue Apr 9 09:07:54 2002] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
[Tue Apr 9 09:07:54 2002] [error] OpenSSL: error:1409E0E5:lib(20):func(158):reason(229)
[Tue Apr 9 09:07:56 2002] [error] mod_ssl: Cannot find peer certificate chain

Client authentication works fine, but if I cancel out of the client cert dialog on the browser I'm allowed full access to the site - I am not prompted for a username/password.

Am I missing something? Looking through past mailing list postings, it looks like this may not be possible, but the example I mentioned above seems to state that it is.

Thanks!

David LaPorte
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
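An added example, not part of the original post: a small Python model of how Apache combines the host rules and `Require valid-user` in the `<Location />` block above under `Satisfy any` versus `Satisfy all`, showing one case in which no password prompt appears. The function names and client addresses are constructed; `Allow from localhost` is modelled as 127.0.0.0/8, and a presented client cert is assumed to map to an entry in the AuthUserFile via `+FakeBasicAuth`.

```python
import ipaddress

# Host rules from the posted block: Order deny,allow / Deny from all /
# Allow from 10.1.1 / Allow from localhost.
# Assumption: "localhost" is modelled as the loopback network.
ALLOWED_NETS = [
    ipaddress.ip_network("10.1.1.0/24"),   # "Allow from 10.1.1" (partial address)
    ipaddress.ip_network("127.0.0.0/8"),   # "Allow from localhost"
]


def host_allowed(client_ip):
    """With Order deny,allow and Deny from all, only Allow lines admit a host."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETS)


def decide(client_ip, has_client_cert, basic_auth_ok, satisfy="any"):
    """Return 'granted', 'challenge' (401 prompt) or 'forbidden' (403)."""
    host_ok = host_allowed(client_ip)
    # Assumption: a verified client cert is turned into a valid Basic user
    # by +FakeBasicAuth, so it satisfies Require valid-user.
    user_ok = has_client_cert or basic_auth_ok

    if satisfy == "any":
        # Either the host rules OR the user requirement is enough.
        if host_ok or user_ok:
            return "granted"
        return "challenge"

    # Satisfy all: the host rules AND the user requirement must both pass.
    if not host_ok:
        return "forbidden"
    return "granted" if user_ok else "challenge"


if __name__ == "__main__":
    # Constructed sample clients: (address, has cert, supplied valid password)
    samples = [
        ("10.1.1.25", False, False),   # allowed network, cert dialog cancelled
        ("127.0.0.1", False, False),   # local test, cert dialog cancelled
        ("192.0.2.10", False, False),  # outside network, no credentials
        ("192.0.2.10", True, False),   # outside network, client cert
    ]
    for ip, cert, pw in samples:
        print(ip, cert, pw,
              "any ->", decide(ip, cert, pw, "any"),
              "| all ->", decide(ip, cert, pw, "all"))
```

Under `Satisfy any`, a request from an address matching an `Allow` line is granted without any credentials, so no Basic auth prompt is issued for it; only addresses outside those networks reach the 401 challenge.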