I've already asked the question in the [EMAIL PROTECTED] mailing list but here it might be more suitable:
I've setup a https site with Apache 2.0.52, mod_ssl 2.0.52 and OpenSSL 0.9.7a (Red Hat Enterprise Linux ES release 4 (Nahant Update 4)). A special directory should be optional authenticated via client certificate. This works with Firefox, Netscape, IE6 but not with IE7 (Windows XP SP2 and Windows Vista). When trying to access the page with IE7 the browser let me choose the client certificate, let me enter the PIN for the smartcard but then shows the error message "The browser can not connect to the site.". In the log files of the server there's only 1 new line: [error] Re-negotiation handshake failed: Not accepted by client!? Here's the httpd.conf part for SSL: SSLEngine on SSLProtocol +SSLv3 SSLCipherSuite HIGH:MEDIUM:SSLv3 SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key SSLCACertificateFile /etc/httpd/conf/ssl.crt/mydomain.ca-bundle SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 <Directory "/var/www/public/htdocs/protected"> SSLVerifyClient optional SSLVerifyDepth 5 SSLOptions +FakeBasicAuth +StdEnvVars +ExportCertData +OptRenegotiate </Directory> Any suggestions? ----- -- Trees die standing. -- View this message in context: http://www.nabble.com/SSLVerifyClient-with-IE7-tp15852947p15852947.html Sent from the mod_ssl - Users mailing list archive at Nabble.com. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]