On Sun, Jan 18, 2009 at 9:09 AM, Eray Aslan <eray.aslan@xxxxxxxxxx> wrote:
> I cannot get IE7 Windows Vista clients to authenticate with SSL Certs.
> Browser lets me choose the certificate but results in "Cannot display
> the web page..". Server logs just the generic:
>
> Jan 18 14:00:01 sunny apache2-TL: 62.x.x.x - - [18/Jan/2009:14:00:01
> +0000] "GET /secure HTTP/1.1" 403 -
>
> Windows XP clients with IE6 can access the web pages with no problem.
> Searching the archives makes me think that firefox should have no
> problems as well. So basically it is problem with IE7.
>
> Any pointers to make IE7 authenticate with client SSL certs to the web
> server? Is there any work arounds?
>
> Apache 2.2.10
>
> Settings:
>
> SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/apache2/ssl/apacheCert.pem
> SSLCertificateKeyFile /etc/apache2/ssl/apache.key
> SSLCACertificateFile /var/www/xxx.xxx/htdocs/cacert.crt
> SSLCARevocationFile /var/www/xxx.xxx/htdocs/crl.pem
> SSLVerifyClient none
> <Location /secure>
> SSLVerifyClient require
> SSLVerifyDepth 1
> </Location>
>
> Thank you
> --
> Eray
I've got this in my ssl config, based on something that was in
examples config file:
# Bend forward for MicroSloth
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
But It doesn't really look like it's related to client auth. Might be
worth a try, though
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|