Re: mod_ssl help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Anyone?


On Fri, Mar 1, 2013 at 7:39 PM, Michele Mase' <michele.mase@xxxxxxxxx> wrote:
I'm testing a client authentication using:

SSLCACertificateFile /path/to/pemfile.pem
<LocationMatch "/test">
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLOptions +StdEnvVars +ExportCertData
        SSLRequire  %{SSL_CLIENT_I_DN} eq "/C=US/O=acme/OU=acme/CN=acme"
/LocationMatch>


I should use two different CA with the same DN (file /path/to/pemfile.pem)
When i try to use this configuration I receive:
Access totest denied for 10.10.10.10 (requirement _expression_ not fulfilled)
Failed _expression_: %{SSL_CLIENT_I_DN} eq ...

The only way it works is without the SSLRequire directive.
or
Using only one CA in the file (file /path/to/pemfile.pem)

Some suggestions?

Regards
Michele Masè

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux