Re: SSL Client Auth with Virtual Hosts
This is a discussion on Re: SSL Client Auth with Virtual Hosts within the Modssl Users forums, part of the Web Server and Related Forums category; I'm not a guru but I would suspect that your NameVirtualHost directives need to differ. You probably need to ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-02-2005
|
|||
|
|||
Re: SSL Client Auth with Virtual Hosts
I'm not a guru but I would suspect that your NameVirtualHost
directives need to differ. You probably need to configure the virtual hosts using their domain names, like this: ------------------------------------------------------------ NameVirtualHost abc1-no-client-auth.com:443 <VirtualHost abc1-no-client-auth.com:443> ... </VirtualHost> NameVirtualHost abc1-ssl-client-auth.com:443 <VirtualHost abc1-ssl-client-auth.com:443> ... </VirtualHost> ------------------------------------------------------------ Otherwise I think one will just overwrite the other. Also for MSIE compatibility it is recommended that you add the following to the virtual host configuration: ------------------------------------------------------------ SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ------------------------------------------------------------ Hope this was helpful. /Daniel ----- Original Message ----- From: "Hoda Nadeem" <hoda_nadeem@bah.com> To: <modssl-users@modssl.org> Sent: Thursday, June 02, 2005 3:26 PM Subject: RE: SSL Client Auth with Virtual Hosts Are there any parameters that I am missing, or am I doing something incorrect? On my setup, client authentication is either on or off globally. I can't seem to isolate it at the virtual host level. Thanks. Nadeem Example again: NameVirtualHost 111.111.111.111:443 <Virtualhost 111.111.111.111:443> ServerAdmin adsfasfsa@asdfasfds.com DocumentRoot /var/www ServerName abc1-no-client-auth.com SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key </VirtualHost> <Virtualhost 111.111.111.111:443> ServerAdmin adsfasfsa@asdfasfds.com DocumentRoot /var/www ServerName abc1-ssl-client-auth.com SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt SSLOptions +StdEnvVars +ExportCertData </VirtualHost> __________________________________________________ ____________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org 
|
Linear Mode
