Hi Oliver, I believe the directives you refer to are for the server establishing an SSL connection. This occurs successfully (other then the cert being for an incorrect host which I will fix later). As you suggested this is in my global configuration that I haven't provided. To summerise, traffic is being encrypted, but client authentication is being ignored. Cheers, Tony On Thu, Mar 02, 2006 at 09:12:49AM +0100, Oliver.Schaudt@xxxxxxxxx wrote: > Hi Tony, > > if you want run SSL my understanding is > that your server need a certificate and > a key file too or do you have it at another place ? > Like: > SSLCertificateFile /path/to/conf/ssl.crt/subversion2.phoenixphire.org.crt > SSLCertificateKeyFile /path/to/conf/ssl.key/subversion2.phoenixphire.org.key > Than it would be better not to put your key and > crtificate files in the document root. Make this too: > SSLCertificateFile /path/to/conf/ssl.crt/ca.crt > "LogLevel debug" can help you later that you see what is going wrong > during the connection phase between your client and your server > > Greets > > oliver > > > -----Urspr?ngliche Nachricht----- > Von: Tony Davies [mailto:tony.davies@xxxxxxxxxxxxxxxx] > Gesendet: Do 02.03.2006 00:59 > An: users@xxxxxxxxxxxxxxxx > Betreff: [users@httpd] SSLVerifyClient require in Virtual Host > > Hi, > > I am running Apache 2.0.55 on a Linux From Scratch box. > > I am trying to get an entire virtual host to get an entire virtual host to use client certificates to authenticate, however I can only get it to work on <Location /> directive (I havent tried <Directory>) which forces a renogiate. > > This is fine for things like Firefox which can handle the renogiation, however I plan on turning this virtual host into a subversion repository and havent been able to get renogiation to work with the svn client or javasvn (but that is a whole other problem). > > The subversion2.phoenixphire.org-ssl.log verifies that a client certificate isnt being sent with my configuration. After running some tests with SSLVerifyClient require in a <Location /> directive I can verify that firefox does send a client certificat after a renogiation. > > Is this a bug? The Apache 2.0 documentation says that this is valid and should work (The howto on the apache site for this also says this should work). > > Cheers, > > Phoenix > > My virtual host config is as follows: > > <VirtualHost *:443> > ServerName subversion2.phoenixphire.org > DocumentRoot /srv/www/subversion2.phoenixphire.org > > ErrorLog /var/log/apache/subversion2.phoenixphire.org-error.log > CustomLog /var/log/apache/subversion2.phoenixphire.org-access.log common > CustomLog /var/log/apache/subversion2.phoenixphire.org-ssl.log "%t %{SSL_CLIENT_I_DN_CN}x %{SSL_CLIENT_S_DN_CN}x" > > SSLCACertificateFile /srv/www/ca.crt > SSLVerifyClient require > SSLVerifyDepth 1 > > SSLOptions +StrictRequire > > </VirtualHost> > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx