Maybe you need to specify SSLOptions +FakeBasicAuth http://httpd.apache.org/docs/2.2/en/ssl/ssl_howto.html#accesscontrol <http://httpd.apache.org/docs/2.2/en/ssl/ssl_howto.html#accesscontrol>
________________________________ From: Ricardo Ramos [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2008 10:21 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] mod_ssl + basic auth That doesn't seem to work for me. I mean, it asks me for the certificate, however if the certificate is accepted, it will still check if it is inside the lan or if the user/pass is ok. What I really wanted would be if a valid certificate is received, then promptly accept the client. Yeah I read about that.. But is there another way then I can solve my problem? Thanks! Ricardo On Thu, Oct 30, 2008 at 1:55 PM, Jorge Medina <[EMAIL PROTECTED]> wrote: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient Try moving SSLVerifyClient outside of the <Directory>, just in your <VirtualHost>. Also, seems that "optional" is not supported by all browsers. You must use "require". ________________________________ From: Ricardo Ramos [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 11:06 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] mod_ssl + basic auth Hi! I want to do this: check if the client sends me a certificate which my self-signed CA has signed or if the client is inside the same network or if the client enters a username+password. However, with this, I can't have my browser(s) prompting me for a certificate.. it just seems that that part is ignored... Any suggestions? PS - i've seen already the ssl_howto page (in fact this is a bit based from there) Thanks in advance for any help! Ricardo <VirtualHost 10.254.0.54:443 <http://10.254.0.54:443/> > ServerName intra54.dei.uc.pt <http://intra54.dei.uc.pt/> DocumentRoot /var/www/intra54/html ServerAdmin [EMAIL PROTECTED] SSLEngine on SSLCertificateFile /var/www/intra54/ssl/intra54.crt SSLCertificateKeyFile /var/www/intra54/ssl/intra54.key SSLCACertificateFile /etc/pki/SSC_CA/ssc_ca.crt <Directory /var/www/intra54/html> Order deny,allow Deny from all Allow from 10.254.0.0/24 AuthType basic AuthName "Area intra54.dei.uc.pt <http://intra54.dei.uc.pt/> " AuthUserFile /var/www/intra54/passwd/passwd Require valid-user Satisfy any SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions -StrictRequire # SSLRequireSSL </Directory> </VirtualHost>