RE: mod_ssl + basic auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: RE: mod_ssl + basic auth
From: "Jorge Medina" <jmedina@xxxxxxxxxxxx>
Date: Thu, 30 Oct 2008 09:55:57 -0400
In-reply-to: <888a4c0810292006y16149aa8mc6e3477290c7fe83@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx
Thread-index: Ack6PJZgki+cV48oQCO0LZFWUV6k2AAWAAFQ
Thread-topic: mod_ssl + basic auth

http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient

Try moving SSLVerifyClient outside of the <Directory>, just in your <VirtualHost>.

Also, seems that "optional" is not supported by all browsers. You must use "require".

From: Ricardo Ramos [mailto:battery.in.your.leg@xxxxxxxxx]
Sent: Wednesday, October 29, 2008 11:06 PM
To: users@xxxxxxxxxxxxxxxx
Subject: mod_ssl + basic auth

Hi!

I want to do this: check if the client sends me a certificate which my self-signed CA has signed or if the client is inside the same network or if the client enters a username+password.

However, with this, I can't have my browser(s) prompting me for a certificate.. it just seems that that part is ignored...

Any suggestions?

PS - i've seen already the ssl_howto page (in fact this is a bit based from there)

Thanks in advance for any help!

Ricardo

<VirtualHost 10.254.0.54:443>
        ServerName              intra54.dei.uc.pt
        DocumentRoot            /var/www/intra54/html
        ServerAdmin             lame@xxxxxxxxxx
        SSLEngine               on
        SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
        SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
        SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt

        <Directory /var/www/intra54/html>
                Order                   deny,allow
                Deny                    from all
                Allow                   from 10.254.0.0/24

                AuthType                basic
                AuthName                "Area intra54.dei.uc.pt"
                AuthUserFile            /var/www/intra54/passwd/passwd
                Require                 valid-user

Satisfy any

                SSLVerifyClient         optional
                SSLVerifyDepth          1
                SSLOptions              -StrictRequire

# SSLRequireSSL
</Directory>
</VirtualHost>

Follow-Ups:
- Re: mod_ssl + basic auth
  - From: Ricardo Ramos

References:
- mod_ssl + basic auth
  - From: Ricardo Ramos

Prev by Date: RE: 502 proxy error
Next by Date: Apache 1.3.33 + suexec upgrade
Previous by thread: mod_ssl + basic auth
Next by thread: Re: mod_ssl + basic auth
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]