Re: mod_ssl + basic auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

That doesn't seem to work for me. I mean, it asks me for the certificate, however if the certificate is accepted, it will still check if it is inside the lan or if the user/pass is ok. What I really wanted would be if a valid certificate is received, then promptly accept the client.
 
Yeah I read about that.. But is there another way then I can solve my problem?
 
Thanks!
 
Ricardo

On Thu, Oct 30, 2008 at 1:55 PM, Jorge Medina <jmedina@xxxxxxxxxxxx> wrote:
 
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient
 
Try moving SSLVerifyClient outside of the <Directory>, just in your <VirtualHost>. 
 
Also, seems that "optional" is not supported by all browsers. You must use  "require".
 

From: Ricardo Ramos [mailto:battery.in.your.leg@xxxxxxxxx]
Sent: Wednesday, October 29, 2008 11:06 PM
To: users@xxxxxxxxxxxxxxxx
Subject: mod_ssl + basic auth

Hi!
 
I want to do this: check if the client sends me a certificate which my self-signed CA has signed or if the client is inside the same network or if the client enters a username+password.
 
However, with this, I can't have my browser(s) prompting me for a certificate.. it just seems that that part is ignored...
 
Any suggestions?
 
PS - i've seen already the ssl_howto page (in fact this is a bit based from there)
 
Thanks in advance for any help!
 
Ricardo
 
<VirtualHost 10.254.0.54:443>
        ServerName              intra54.dei.uc.pt
        DocumentRoot            /var/www/intra54/html
        ServerAdmin             lame@xxxxxxxxxx
        SSLEngine               on
        SSLCertificateFile      /var/www/intra54/ssl/intra54.crt
        SSLCertificateKeyFile   /var/www/intra54/ssl/intra54.key
        SSLCACertificateFile    /etc/pki/SSC_CA/ssc_ca.crt

        <Directory /var/www/intra54/html>
                Order                   deny,allow
                Deny                    from all
                Allow                   from 10.254.0.0/24

                AuthType                basic
                AuthName                "Area intra54.dei.uc.pt"
                AuthUserFile            /var/www/intra54/passwd/passwd
                Require                 valid-user

                Satisfy                 any

                SSLVerifyClient         optional
                SSLVerifyDepth          1
                SSLOptions              -StrictRequire

#               SSLRequireSSL
        </Directory>
</VirtualHost>


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux