Welcome to the Linux Foundation Forum!

SSL Client Certificate Authentication

DanieleGenovese
DanieleGenovese Posts: 1
edited October 2016 in Web Management

 

Hi all, I'm configuring a website, which require SSL Client Auth on a specific Folder of the website

The main setup in VirtualHost Configuration to do so should be:

SSLCA ssl/foder/cert.pem

<Location /Folder/>

SSL Require

SSl VerifyDepth 1

</Location>

I think to have set it up correctly but, i don't understand why, the client cannot see that folder of the website, (he have his client certificate installed in his browser signed by the same CA that is set up in SSLCA directive)

The error.log of apache says: Renegotiation Handshake Failed.

1.What could cause this error?

2.Maybe i forgot to set up something on VirtualHost (like SSL Option that in commented and I don't know if it should be in that way)

I'm using Debian Jessie.

Help Please!!!!! :) 

P.S. Do not link forum asnwer or google results, i 've read almost all of it.

 

 

Thanks a lot!

Comments

  • Here you are my working SSL setup of Apache virtual host:

    `

    ServerAdmin webmaster@domain.com

        ServerName www.domain.com:443
        DocumentRoot /var/www/
        <Directory />                      
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all      
        </Directory>                       
        <Directory /var/www/> 
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all                                  
        </Directory>                                               
    
        ErrorLog /var/www/www.domain.com_error.log
    
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
    
        CustomLog /var/www/www.domain.com_access.log combined
    
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/ssl/certs/STAR_domain.com.pem
        SSLCertificateKeyFile /etc/ssl/private/STAR.domain.com.key 
    
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
    
        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
    



    `

Categories

Upcoming Training