That doesn't seem to work for me. I mean, it asks me for the certificate, however if the certificate is accepted, it will still check if it is inside the lan or if the user/pass is ok. What I really wanted would be if a valid certificate is received, then promptly accept the client.
Yeah I read about that.. But is there another way then I can solve my problem? Thanks! Ricardo On Thu, Oct 30, 2008 at 1:55 PM, Jorge Medina <[EMAIL PROTECTED]> wrote: > > http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient > > Try moving SSLVerifyClient outside of the <Directory>, just in your > <VirtualHost>. > > Also, seems that "optional" is not supported by all browsers. You must use > "require". > > > ------------------------------ > *From:* Ricardo Ramos [mailto:[EMAIL PROTECTED] > *Sent:* Wednesday, October 29, 2008 11:06 PM > *To:* users@httpd.apache.org > *Subject:* [EMAIL PROTECTED] mod_ssl + basic auth > > Hi! > > I want to do this: check if the client sends me a certificate which my > self-signed CA has signed or if the client is inside the same network or if > the client enters a username+password. > > However, with this, I can't have my browser(s) prompting me for a > certificate.. it just seems that that part is ignored... > > Any suggestions? > > PS - i've seen already the ssl_howto page (in fact this is a bit based from > there) > > Thanks in advance for any help! > > Ricardo > > <VirtualHost 10.254.0.54:443> > ServerName intra54.dei.uc.pt > DocumentRoot /var/www/intra54/html > ServerAdmin [EMAIL PROTECTED] > SSLEngine on > SSLCertificateFile /var/www/intra54/ssl/intra54.crt > SSLCertificateKeyFile /var/www/intra54/ssl/intra54.key > SSLCACertificateFile /etc/pki/SSC_CA/ssc_ca.crt > > <Directory /var/www/intra54/html> > Order deny,allow > Deny from all > Allow from 10.254.0.0/24 > > AuthType basic > AuthName "Area intra54.dei.uc.pt" > AuthUserFile /var/www/intra54/passwd/passwd > Require valid-user > > Satisfy any > > SSLVerifyClient optional > SSLVerifyDepth 1 > SSLOptions -StrictRequire > > # SSLRequireSSL > </Directory> > </VirtualHost> >