OS : Debian 10.9
Apache : 2.4.38 (from repo)

I presume I've missed something (obvious) in the doc, but the following
setup doesn't work for me and I believe it should :

<Directory /opt/wwwdoc/private2>
Options Indexes
AllowOverride None
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
SSLRequireSSL
SSLRequire true
#SSLRequire %{SSL_CLIENT_S_DN_CN} eq "testuser"
</Directory>
ScriptAlias /scr2 /opt/wwwdoc/private2/script

I try to hit this folder with :
curl -v --cert testuser.cer --key testuser.rsa.key --data @test.txt \
    https://172.17.0.3:443/scr2/dropoff

According to my logic the above config should check whether the
certificates are valid and then let people in but instead no matter what I
try (and the certs are valid) I get an access denied (403).

If however I go with the following :
<Directory /opt/wwwdoc/private2>
Options Indexes
AllowOverride None
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
SSLRequireSSL
Require all granted
</Directory>

After the certificate check the users are let in. What am I missing ?
Obviously my ultimate goal is to check the certificate CN value (as you
can see in the first config). That doesn't work either.

Thomas
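
An added example, not part of the original post: the first configuration with the CN check expressed as an Apache 2.4 authorization rule. It assumes the 403 comes from the stock Debian apache2.conf, whose `<Directory />` block carries `Require all denied`; SSLRequire does not override an inherited Require, so only a Require directive in this block can grant access.

```apache
# Added example. Assumption: the global config still contains the Debian
# default
#   <Directory />
#       Require all denied
#   </Directory>
# which every directory inherits until it sets its own Require.

<Directory /opt/wwwdoc/private2>
    Options Indexes
    AllowOverride None

    # TLS layer: the handshake fails unless the client presents a
    # certificate that chains (up to depth 5) to a CA the server trusts.
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
    SSLRequireSSL

    # Authorization layer: in 2.4 the mod_ssl documentation marks
    # SSLRequire as deprecated in favour of "Require expr". mod_ssl
    # exposes its variables to the expression parser, so the CN test
    # becomes an ordinary authorization rule that replaces the
    # inherited "Require all denied".
    Require expr "%{SSL_CLIENT_S_DN_CN} == 'testuser'"
</Directory>

ScriptAlias /scr2 /opt/wwwdoc/private2/script
```

With this rule a client whose certificate verifies but whose CN differs still receives 403, and the error log entry for the request shows whether the denial came from authorization or from the TLS handshake.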
