Hi Tony,

if you want run SSL my understanding is
that your server need a certificate and
a key file too or do you have it at another place ?
Like:
 SSLCertificateFile    /path/to/conf/ssl.crt/subversion2.phoenixphire.org.crt
 SSLCertificateKeyFile /path/to/conf/ssl.key/subversion2.phoenixphire.org.key
Than it would be better not to put your key and
crtificate files in the document root. Make this too:
 SSLCertificateFile    /path/to/conf/ssl.crt/ca.crt
"LogLevel debug" can help you later that you see what is going wrong
during the connection phase between your client and your server

Greets

oliver


-----Ursprüngliche Nachricht-----
Von: Tony Davies [mailto:[EMAIL PROTECTED]
Gesendet: Do 02.03.2006 00:59
An: users@httpd.apache.org
Betreff: [EMAIL PROTECTED] SSLVerifyClient require in Virtual Host
 
Hi,

I am running Apache 2.0.55 on a Linux From Scratch box.

I am trying to get an entire virtual host to get an entire virtual host to use 
client certificates to authenticate, however I can only get it to work on 
<Location /> directive (I havent tried <Directory>) which forces a renogiate.

This is fine for things like Firefox which can handle the renogiation, however 
I plan on turning this virtual host into a subversion repository and havent 
been able to get renogiation to work with the svn client or javasvn (but that 
is a whole other problem).

The subversion2.phoenixphire.org-ssl.log verifies that a client certificate 
isnt being sent with my configuration. After running some tests with 
SSLVerifyClient require in a <Location /> directive I can verify that firefox 
does send a client certificat after a renogiation.

Is this a bug? The Apache 2.0 documentation says that this is valid and should 
work (The howto on the apache site for this also says this should work).

Cheers,

Phoenix

My virtual host config is as follows:

<VirtualHost *:443>
        ServerName subversion2.phoenixphire.org
        DocumentRoot /srv/www/subversion2.phoenixphire.org

        ErrorLog /var/log/apache/subversion2.phoenixphire.org-error.log
        CustomLog /var/log/apache/subversion2.phoenixphire.org-access.log common
        CustomLog /var/log/apache/subversion2.phoenixphire.org-ssl.log "%t 
%{SSL_CLIENT_I_DN_CN}x %{SSL_CLIENT_S_DN_CN}x"

        SSLCACertificateFile /srv/www/ca.crt
        SSLVerifyClient require
        SSLVerifyDepth 1

        SSLOptions +StrictRequire

</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


<<winmail.dat>>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to