Hello folks,

I'm having trouble with the apache configuration in one of my virtual hosts and I'm starting to wonder if what I'm trying is a supported configuration.

I'm setting up an SSL vhost with a <Location> directive, so that when a request is made for that location the client certificate is requested, or is supposed to because what really happens is that an error is shown in the browser (ssl_error_handshake_failure_alert in firefox) and in the apache logs (Re-negotiation request failed).

The environment where it is installed is: Linux SLES10, apache 2.2.3 and SLES11, apache 2.2.10

The vhost configuration is:

###################################################################
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost 10.241.128.121:443>
    DocumentRoot "/srv/www/vhosts/portaladriano"
    ServerName portaladriano-pre.justicia.junta-andalucia.es:443
    ServerAdmin gtsl.ius@xxxxxxxxxxxxxxxxxxx
    ErrorLog /var/log/apache2/ws121-error_log
    TransferLog /var/log/apache2/ws121-access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile /etc/apache2/ssl.crt/padrianop.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/padrianop.key
    SSLCACertificateFile /etc/apache2/ssl.crt/fnmt.crt
    <Location "/Fispenco/">
        SSLOptions +stdEnvVars +ExportCertData
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>
    <Directory "/srv/www/vhosts/portaladriano">
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
</IfDefine>
##################################################################

The reason to use a <Location> instead of a <Directory> is because, in the production servers, the URL within the directive is jk mounted from a tomcat server.

Accessing the parts outside the <Location> works without any problem, the ssl connection is made and the requested content is shown.
For example accessing the URL https://10.241.128.121/DilPenHU.html shows the html page perfectly, but accessing https://10.241.128.121/Fispenco/fispenco.htm returns the error mentioned before.

Funny thing is that this same configuration is working in one of my test servers (SLES10, apache 2.2.3), the first one that was set up. And on top of that a few of my colleagues, not many, get the client certificate request when accessing the URL in the <Location> directive, in the servers where the vhost configuration is "mostly" not working.

Also tried to access the URL with curl and this is what I get:

#######################################################################
# curl -v --cacert ca.cert https://portaladriano-pre.justicia.junta-andalucia.es/Fispenco/fispenco.htm
* About to connect() to portaladriano-pre.justicia.junta-andalucia.es port 443 (#0)
* Trying 10.241.128.121... connected
* Connected to portaladriano-pre.justicia.junta-andalucia.es (10.241.128.121) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ca.cert
  CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=es/O=Junta de Andalucia/OU=ius/CN=portaladriano-pre.justicia.junta-andalucia.es/emailAddress=gtsl.ius@xxxxxxxxxxxxxxxxxxx
* start date: 2009-06-23 10:29:23 GMT
* expire date: 2024-06-23 10:29:23 GMT
* common name: portaladriano-pre.justicia.junta-andalucia.es (matched)
* issuer: /C=es/O=junta-andalucia/OU=ius/CN=AC para la Administracion de Justicia en la Junta de Andalucia
* SSL certificate verify ok.
> GET /Fispenco/fispenco.htm HTTP/1.1
> User-Agent: curl/7.18.1 (i686-suse-linux-gnu) libcurl/7.18.1 OpenSSL/0.9.8g zlib/1.2.3 libidn/1.8
> Host: portaladriano-pre.justicia.junta-andalucia.es
> Accept: */*
>
* SSLv3, TLS alert, Server hello (2):
* Empty reply from server
* Connection #0 to host portaladriano-pre.justicia.junta-andalucia.es left intact
curl: (52) Empty reply from server
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
#######################################################################

Any clues about what might be happening here?

Thanks.
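
Added example, not part of the original post: the mod_ssl documentation states that SSLVerifyClient, SSLVerifyDepth and SSLCipherSuite, when set in per-directory context such as the <Location> above, force a renegotiation after the HTTP request has been read. This Python script lists the directives in a config that fall into that case; the function name, the constructed sample vhost and the rule that a value equal to the vhost-level one is not reported are assumptions of the example.

```python
import re

# Containers whose directives Apache applies per request (per-directory context).
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}
# mod_ssl settings documented to force a renegotiation when reconfigured there.
WATCHED = {"sslverifyclient", "sslverifydepth", "sslciphersuite"}

# Constructed sample, modelled on the vhost in the post (address is a placeholder).
SAMPLE = """\
<VirtualHost 192.0.2.10:443>
  SSLEngine on
  SSLCipherSuite HIGH:MEDIUM
  <Location "/Fispenco/">
    SSLVerifyClient require
    SSLVerifyDepth 2
  </Location>
</VirtualHost>
"""

def find_renegotiation_triggers(config_text):
    """Return (line_no, section, directive, value) for each watched directive
    inside a per-directory container whose value differs from the one set at
    virtual-host level (or that is not set there at all)."""
    stack, server_level, per_dir = [], {}, []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        tag = re.match(r"<(/?)(\w+)[^>]*>$", line)
        if tag and tag.group(1):
            # Closing tag: pop back to the matching opener.
            while stack and stack.pop()[0] != tag.group(2).lower():
                pass
        elif tag:
            stack.append((tag.group(2).lower(), line))
        elif line and not line.startswith("#"):
            name, value = (line.split(None, 1) + [""])[:2]
            if name.lower() not in WATCHED:
                continue
            scope = next((s for s in reversed(stack) if s[0] in PER_DIR), None)
            if scope is None:
                server_level[name.lower()] = value.strip()
            else:
                per_dir.append((no, scope[1], name, value.strip()))
    # Assumption of this example: a value equal to the vhost-level one is not reported.
    return [h for h in per_dir if server_level.get(h[2].lower()) != h[3]]

if __name__ == "__main__":
    for no, section, name, value in find_renegotiation_triggers(SAMPLE):
        print(f"line {no}: {name} {value} in {section} differs from vhost level")
```

The script assumes one virtual host per input; run it on each vhost file separately.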