http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient Try moving SSLVerifyClient outside of the <Directory>, just in your <VirtualHost>. Also, seems that "optional" is not supported by all browsers. You must use "require".
________________________________ From: Ricardo Ramos [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2008 11:06 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] mod_ssl + basic auth Hi! I want to do this: check if the client sends me a certificate which my self-signed CA has signed or if the client is inside the same network or if the client enters a username+password. However, with this, I can't have my browser(s) prompting me for a certificate.. it just seems that that part is ignored... Any suggestions? PS - i've seen already the ssl_howto page (in fact this is a bit based from there) Thanks in advance for any help! Ricardo <VirtualHost 10.254.0.54:443> ServerName intra54.dei.uc.pt DocumentRoot /var/www/intra54/html ServerAdmin [EMAIL PROTECTED] SSLEngine on SSLCertificateFile /var/www/intra54/ssl/intra54.crt SSLCertificateKeyFile /var/www/intra54/ssl/intra54.key SSLCACertificateFile /etc/pki/SSC_CA/ssc_ca.crt <Directory /var/www/intra54/html> Order deny,allow Deny from all Allow from 10.254.0.0/24 AuthType basic AuthName "Area intra54.dei.uc.pt" AuthUserFile /var/www/intra54/passwd/passwd Require valid-user Satisfy any SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions -StrictRequire # SSLRequireSSL </Directory> </VirtualHost>
