RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Tue, 27 Oct 2009 07:22:51 -0700 

My test originally was this
<Location />
     SSLVerifyClient require

     SSLVerifyDepth 10

     SSLOptions +StdEnvVars
</location>

Same issue whether based on a directory or using the root location.
I'm still trying to figure out why one and only IE works, but no others.
I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing 
else)

ERROR_INTERNET_SECURITY_CHANNEL_ERROR

Nothing else at all in the trace.

If I go to the root url (which is SSL Enabled, but no client verify)

I will try your suggestion of wireshark.


-----Original Message-----
From: Eric Covener [mailto:[email protected]] 
Sent: Tuesday, October 27, 2009 10:17 AM
To: [email protected]
Subject: Re: [us...@httpd] Requesting help with Smart Card Client Certificate 
Authentication issue.

On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
<[email protected]> wrote:
> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
>
> </Directory>


Can you simplify your testing by setting this outside of per-directory
config?  Have you used wireshark to see if Apache is sending the
proper list of trusted certificates that line up with whoever signed
your certs in your HW device?

Perhaps 
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
might help?

-- 
Eric Covener
[email protected]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
   "   from the digest: [email protected]
For additional commands, e-mail: [email protected]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
   "   from the digest: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to