That doesn't seem to work for me. I mean, it asks me for the certificate;
however, if the certificate is accepted, it will still check if it is inside
the LAN or if the user/pass is OK. What I really wanted would be: if a valid
certificate is received, then promptly accept the client.

Yeah, I read about that... But is there another way, then, that I can solve my
problem?

Thanks!

Ricardo

On Thu, Oct 30, 2008 at 1:55 PM, Jorge Medina <[EMAIL PROTECTED]> wrote:

>
> http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient
>
> Try moving SSLVerifyClient outside of the <Directory>, just in your
> <VirtualHost>.
>
> Also, seems that "optional" is not supported by all browsers. You must use
> "require".
>
>
>  ------------------------------
> *From:* Ricardo Ramos [mailto:[EMAIL PROTECTED]
> *Sent:* Wednesday, October 29, 2008 11:06 PM
> *To:* users@httpd.apache.org
> *Subject:* [EMAIL PROTECTED] mod_ssl + basic auth
>
>   Hi!
>
> I want to do this: check if the client sends me a certificate which my
> self-signed CA has signed or if the client is inside the same network or if
> the client enters a username+password.
>
> However, with this, I can't have my browser(s) prompting me for a
> certificate... it just seems that that part is ignored...
>
> Any suggestions?
>
> PS - I've already seen the ssl_howto page (in fact this is a bit based on
> it)
>
> Thanks in advance for any help!
>
> Ricardo
>
> <VirtualHost 10.254.0.54:443>
>         ServerName              intra54.dei.uc.pt
>         DocumentRoot            /var/www/intra54/html
>         ServerAdmin             [EMAIL PROTECTED]
>         SSLEngine               on
>         SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
>         SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
>         SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt
>
>         <Directory /var/www/intra54/html>
>                 Order                   deny,allow
>                 Deny                    from all
>                 Allow                   from 10.254.0.0/24
>
>                 AuthType                basic
>                 AuthName                "Area intra54.dei.uc.pt"
>                 AuthUserFile            /var/www/intra54/passwd/passwd
>                 Require                 valid-user
>
>                 Satisfy                 any
>
>                 SSLVerifyClient         optional
>                 SSLVerifyDepth          1
>                 SSLOptions              -StrictRequire
>
> #               SSLRequireSSL
>         </Directory>
> </VirtualHost>
>
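
One way to get the behaviour asked for at the top of this message (a valid certificate alone is enough), as an added example that is not part of the thread: mod_ssl's `+FakeBasicAuth` option turns a verified certificate's subject DN into a Basic-auth user name, so `Require valid-user` is met by the certificate itself while `Satisfy any` keeps the LAN and password paths. The DN in the comment is a constructed placeholder, and combining `+FakeBasicAuth` with `SSLVerifyClient optional` is an assumption based on the documented behaviour of these directives, not something tested in the thread.

```apache
<VirtualHost 10.254.0.54:443>
        ServerName              intra54.dei.uc.pt
        DocumentRoot            /var/www/intra54/html
        SSLEngine               on
        SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
        SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
        # Only client certificates that chain to this CA pass verification
        SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt

        <Directory /var/www/intra54/html>
                # Path 1: host-based access for the LAN
                Order                   deny,allow
                Deny                    from all
                Allow                   from 10.254.0.0/24

                # Path 2: user-based access (real passwords and mapped certificates)
                AuthType                basic
                AuthName                "Area intra54.dei.uc.pt"
                AuthUserFile            /var/www/intra54/passwd/passwd
                Require                 valid-user

                # Path 3: a verified client certificate is mapped to a Basic-auth
                # user whose name is the subject DN and whose password is the
                # fixed string "password". Each accepted certificate therefore
                # needs a line in AuthUserFile such as (placeholder DN):
                #   /C=XX/O=Example Org/CN=Example User:xxj31ZMTZzkVA
                # where xxj31ZMTZzkVA is the DES crypt of "password" given in
                # the mod_ssl documentation.
                SSLVerifyClient         optional
                SSLVerifyDepth          1
                SSLOptions              +FakeBasicAuth

                # Either the host rule or the user rule is sufficient
                Satisfy                 any
        </Directory>
</VirtualHost>
```

A certificate signed by the CA but whose DN is not listed in the password file does not match any user, so that client still falls through to the password prompt. Listing DNs explicitly also means access is granted per certificate rather than to everything the CA has ever signed.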
