Hi,

I recently set up an environment for testing client certificate based authentication on an apache webserver. The test environment is a recent Ubuntu 8.10 distro with tinyca2 0.7.5 and apache 2.2.9.

I have setup a test root CA, two certificates signed by this CA: One for the webserver and one for the user. Everything done by tinyca2.

First I configured apache to allow only ssl-connections (no client certificates yet): Everything worked so far: /var/www is only accessible via https.

Now I added a new subdirectory /var/www/secret with a dummy index.html which should only be accessible by users which provide a certificate. So I added this to my sites-enabled/foo.conf:

    ...
    SSLVerifyClient none
    ...
    SSLVerifyClient require
    SSLVerifyDepth 2
    SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
             and %{SSL_CLIENT_S_DN_CN} eq "My name in CN of certificate" )

What I expected was: outside of /var/www/secret (i.e. in /var/www or /var/www/public) documents are accessible by everyone, only inside of /var/www/secret a user needs to provide his certificate.

What I got was: apache asks for the user's certificate no matter which document is requested (i.e. inside AND outside of /var/www/secret).

I used http://www.garex.net/apache/ as How-to.

Any hints?

Thanks in advance!
Jens

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
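One way to check the scoping this message asks about, as an added example that is not part of the original post: mod_ssl applies an SSLVerifyClient directive in server or virtual-host context to the handshake of every connection, while one inside a per-directory container only takes effect for requests that map there. The Python below reports which scope each SSLVerifyClient line falls into; the sample config, its container tags and the function names are assumptions made for the example.

```python
import re

# Constructed sample (not the poster's file): the layout the post describes,
# with the <VirtualHost>/<Directory> container tags assumed.
SAMPLE = """\
<VirtualHost *:443>
    SSLVerifyClient none
    <Directory /var/www/secret>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}

def verify_client_scopes(conf_text):
    """Return [(scope, value)] for every SSLVerifyClient directive.

    scope is the innermost per-directory container, or 'server/vhost' when
    the directive sits outside any such container.
    """
    stack, found = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1), m.group(2).strip()))
            continue
        parts = line.split()
        if parts[0].lower() == "sslverifyclient" and len(parts) > 1:
            inner = [f"{n} {a}" for n, a in stack if n.lower() in PER_DIR]
            found.append((inner[-1] if inner else "server/vhost", parts[1].lower()))
    return found

def connection_wide_requirements(conf_text):
    """Directives that request a client certificate for every request."""
    return [(s, v) for s, v in verify_client_scopes(conf_text)
            if s == "server/vhost" and v != "none"]

if __name__ == "__main__":
    print(verify_client_scopes(SAMPLE))
```

An empty result from `connection_wide_requirements` means no directive asks for a certificate at connection level; any entry it returns names a directive that applies to all paths served by that host.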