RE: [users@httpd] mod_ssl + basic auth

Thu, 30 Oct 2008 08:33:43 -0700 

Maybe you need to specify SSLOptions +FakeBasicAuth
 
http://httpd.apache.org/docs/2.2/en/ssl/ssl_howto.html#accesscontrol
<http://httpd.apache.org/docs/2.2/en/ssl/ssl_howto.html#accesscontrol> 

________________________________

From: Ricardo Ramos [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 30, 2008 10:21 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_ssl + basic auth


That doesn't seem to work for me. I mean, it asks me for the
certificate, however if the certificate is accepted, it will still check
if it is inside the lan or if the user/pass is ok. What I really wanted
would be if a valid certificate is received, then promptly accept the
client.
 
Yeah I read about that.. But is there another way then I can solve my
problem?
 
Thanks!
 
Ricardo


On Thu, Oct 30, 2008 at 1:55 PM, Jorge Medina <[EMAIL PROTECTED]>
wrote:


         
        
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient
         
        Try moving SSLVerifyClient outside of the <Directory>, just in
your <VirtualHost>.  
         
        Also, seems that "optional" is not supported by all browsers.
You must use  "require".
         
        
        
________________________________

        From: Ricardo Ramos [mailto:[EMAIL PROTECTED] 
        Sent: Wednesday, October 29, 2008 11:06 PM
        To: users@httpd.apache.org
        Subject: [EMAIL PROTECTED] mod_ssl + basic auth
        
        
        Hi!
         
        I want to do this: check if the client sends me a certificate
which my self-signed CA has signed or if the client is inside the same
network or if the client enters a username+password.
         
        However, with this, I can't have my browser(s) prompting me for
a certificate.. it just seems that that part is ignored...
         
        Any suggestions?
         
        PS - i've seen already the ssl_howto page (in fact this is a bit
based from there)
         
        Thanks in advance for any help!
         
        Ricardo
         
        <VirtualHost 10.254.0.54:443 <http://10.254.0.54:443/> >
                ServerName              intra54.dei.uc.pt
<http://intra54.dei.uc.pt/> 
                DocumentRoot            /var/www/intra54/html
                ServerAdmin             [EMAIL PROTECTED]
                SSLEngine               on
                SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
                SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
                SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt

                <Directory /var/www/intra54/html>
                        Order                   deny,allow
                        Deny                    from all
                        Allow                   from 10.254.0.0/24

                        AuthType                basic
                        AuthName                "Area intra54.dei.uc.pt
<http://intra54.dei.uc.pt/> "
                        AuthUserFile
/var/www/intra54/passwd/passwd
                        Require                 valid-user

                        Satisfy                 any

                        SSLVerifyClient         optional
                        SSLVerifyDepth          1
                        SSLOptions              -StrictRequire

        #               SSLRequireSSL
                </Directory>
        </VirtualHost>

Reply via email to