I've setup a https site with Apache 2.0.52, mod_ssl 2.0.52 and OpenSSL 0.9.7a
(Red Hat Enterprise Linux ES release 4 (Nahant Update 4)). A special
directory should be optional authenticated via client certificate. This
works with Firefox, Netscape, IE6 but not with IE7 (Windows XP SP2 and
Windows Vista).
When trying to access the page with IE7 the browser let me choose the client
certificate but then shows the error message "The browser can not connect to
the site.". In the log files of the server there's only 1 new line:
[error] Re-negotiation handshake failed: Not accepted by client!?
Here's the httpd.conf part for SSL:
SSLEngine on
SSLProtocol +SSLv3
SSLCipherSuite HIGH:MEDIUM:SSLv3
SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/mydomain.ca-bundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
<Directory "/var/www/public/htdocs/protected">
SSLVerifyClient optional
SSLVerifyDepth 5
SSLCACertificateFile /etc/httpd/conf/protected/ssl.crt
SSLOptions +FakeBasicAuth +StdEnvVars +ExportCertData
</Directory>
Any suggestions?
--
View this message in context: http://www.nabble.com/SSLVerifyClient-with-IE7-tp15827486p15827486.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|