RE: Requesting help with Smart Card Client Certificate Authentication issue.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

My test originally was this
<Location />
     SSLVerifyClient require

     SSLVerifyDepth 10

     SSLOptions +StdEnvVars
</location>

Same issue whether based on a directory or using the root location.
I'm still trying to figure out why one and only IE works, but no others.
I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)

ERROR_INTERNET_SECURITY_CHANNEL_ERROR

Nothing else at all in the trace.

If I go to the root url (which is SSL Enabled, but no client verify)

I will try your suggestion of wireshark.


-----Original Message-----
From: Eric Covener [mailto:covener@xxxxxxxxx] 
Sent: Tuesday, October 27, 2009 10:17 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Requesting help with Smart Card Client Certificate Authentication issue.

On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
<steve.berube@xxxxxx> wrote:
> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
>
> </Directory>


Can you simplify your testing by setting this outside of per-directory
config?  Have you used wireshark to see if Apache is sending the
proper list of trusted certificates that line up with whoever signed
your certs in your HW device?

Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
might help?

-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux