SSL Client Certificate Authentication

DanieleGenovese

 

Hi all, I'm configuring a website, which require SSL Client Auth on a specific Folder of the website

The main setup in VirtualHost Configuration to do so should be:

SSLCA ssl/foder/cert.pem

<Location /Folder/>

SSL Require

SSl VerifyDepth 1

</Location>

I think to have set it up correctly but, i don't understand why, the client cannot see that folder of the website, (he have his client certificate installed in his browser signed by the same CA that is set up in SSLCA directive)

The error.log of apache says: Renegotiation Handshake Failed.

1.What could cause this error?

2.Maybe i forgot to set up something on VirtualHost (like SSL Option that in commented and I don't know if it should be in that way)

I'm using Debian Jessie.

Help Please!!!!!  

P.S. Do not link forum asnwer or google results, i 've read almost all of it.

 

 

Thanks a lot!

darkwizard

Here you are my working SSL setup of Apache virtual host:

`

ServerAdmin [email protected]

    ServerName www.domain.com:443
    DocumentRoot /var/www/
    <Directory />                      
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all      
    </Directory>                       
    <Directory /var/www/> 
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all                                  
    </Directory>                                               

    ErrorLog /var/www/www.domain.com_error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/www/www.domain.com_access.log combined

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on
    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile    /etc/ssl/certs/STAR_domain.com.pem
    SSLCertificateKeyFile /etc/ssl/private/STAR.domain.com.key 

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0

`