Client certificate auth behind F5 load balancer

Hello apache-users,

I'm trying to implement client certificate authentication behind an F5
load balancer.

My load balancer terminates SSL and dispatches the decrypted
communication via network address translation to the backend Apache server.
The client certificate auth should be performed at the web server.

Unfortunately, the "SSLVerifyClient" directive is ignored and access is
always granted.
It seems that without SSL transport encryption enabled, the logic for
"SSLVerifyClient" is deactivated.


Any hints?

Setup Overview:

[Browser with client cert]-----<HTTPS/443>----->[Load balancer with SSL termination]------<HTTP/80>------>[Apache 2.2.11]

Apache Configuration:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<VirtualHost *:80>
    DocumentRoot "/data/etc/htdocs"

    ServerName fooo-bar-test.foooooooo.de

    CustomLog "|/usr/sbin/rotatelogs -l /data/logs/access-guisel-test.foooooooo.de.%Y-%m-%d.log 86400" combined_foobar_withdomain
    ErrorLog "|/usr/sbin/rotatelogs -l /data/logs/error-guisel-test.foooooooo.de.%Y-%m-%d.log 86400"

    SSLCACertificateFile /datashare/etc/ca/keys/ca.crt
    # SSLCARevocationFile /datashare/etc/ca/keys/ca.crl

    <Location />
        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLRequire        %{SSL_CLIENT_S_DN_O}  eq "Foobar"
        Satisfy all
    </Location>

</VirtualHost>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



Regards Marc
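
An added example, not part of the original post and not Apache project code: a small Python check for the situation described above, where mod_ssl access-control directives sit in a virtual host for which mod_ssl never handles TLS. It assumes `SSLEngine` is not switched on at the main-server level outside the `<VirtualHost>` block; the function name and the sample configuration are constructed for illustration.

```python
import re

# mod_ssl directives that are only evaluated on connections mod_ssl itself
# terminated; on a plain-HTTP connection they are skipped (assumed list).
TLS_ONLY = {"sslverifyclient", "sslverifydepth", "sslrequire"}

def find_inert_ssl_directives(conf_text):
    """Return (vhost, line_no, directive) for TLS-only access controls
    placed in a <VirtualHost> that never sets 'SSLEngine on'."""
    findings, vhost, pending, engine_on = [], None, [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:  # entering a vhost: reset per-vhost state
            vhost, pending, engine_on = m.group(1).strip(), [], False
        elif re.match(r"</VirtualHost>", line, re.I):
            if not engine_on:  # nothing in this vhost enabled mod_ssl
                findings.extend((vhost, n, d) for n, d in pending)
            vhost = None
        elif vhost and line and not line.startswith(("#", "<")):
            parts = line.split()
            if parts[0].lower() == "sslengine" and parts[1:2] == ["on"]:
                engine_on = True
            elif parts[0].lower() in TLS_ONLY:
                pending.append((no, parts[0]))
    return findings

# Constructed sample modelled on the configuration in the post.
SAMPLE = """\
<VirtualHost *:80>
    SSLCACertificateFile /path/to/ca.crt
    <Location />
        SSLVerifyClient require
        SSLVerifyDepth 10
        SSLRequire %{SSL_CLIENT_S_DN_O} eq "Foobar"
        Satisfy all
    </Location>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    <Location />
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for vhost, no, directive in find_inert_ssl_directives(SAMPLE):
        print(f"{vhost} line {no}: {directive} is not enforced without SSLEngine on")
```

Only the port 80 virtual host is reported; the port 443 one enables mod_ssl, so its `SSLVerifyClient` is evaluated.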
