[users@httpd] Re: mod_ssl help

Michele Mase' Sun, 03 Mar 2013 12:33:32 -0800

Anyone?


On Fri, Mar 1, 2013 at 7:39 PM, Michele Mase' <michele.m...@gmail.com>wrote:

> I'm testing a client authentication using:
>
> SSLCACertificateFile /path/to/pemfile.pem
> <LocationMatch "/test">
>         SSLVerifyClient require
>         SSLVerifyDepth 2
>         SSLOptions +StdEnvVars +ExportCertData
>         SSLRequire  %{SSL_CLIENT_I_DN} eq "/C=US/O=acme/OU=acme/CN=acme"
> /LocationMatch>
>
>
> I should use two different CA with the same DN (file /path/to/pemfile.pem)
> When i try to use this configuration I receive:
> Access totest denied for 10.10.10.10 (requirement expression not fulfilled)
> Failed expression: %{SSL_CLIENT_I_DN} eq ...
>
> The only way it works is without the SSLRequire directive.
> or
> Using only one CA in the file (file /path/to/pemfile.pem)
>
> Some suggestions?
>
> Regards
> Michele Masè
>

[users@httpd] Re: mod_ssl help

Reply via email to