Welcome to the Linux Foundation Forum!

SSL Client Certificate Authentication

Posts: 1
edited October 2016 in Web Management

 

Hi all, I'm configuring a website, which require SSL Client Auth on a specific Folder of the website

The main setup in VirtualHost Configuration to do so should be:

SSLCA ssl/foder/cert.pem

<Location /Folder/>

SSL Require

SSl VerifyDepth 1

</Location>

I think to have set it up correctly but, i don't understand why, the client cannot see that folder of the website, (he have his client certificate installed in his browser signed by the same CA that is set up in SSLCA directive)

The error.log of apache says: Renegotiation Handshake Failed.

1.What could cause this error?

2.Maybe i forgot to set up something on VirtualHost (like SSL Option that in commented and I don't know if it should be in that way)

I'm using Debian Jessie.

Help Please!!!!! :) 

P.S. Do not link forum asnwer or google results, i 've read almost all of it.

 

 

Thanks a lot!

Comments

  • Here you are my working SSL setup of Apache virtual host:

    `

    ServerAdmin webmaster@domain.com

    1. ServerName www.domain.com:443
    2. DocumentRoot /var/www/
    3. <Directory />
    4. Options Indexes FollowSymLinks MultiViews
    5. AllowOverride All
    6. Order allow,deny
    7. allow from all
    8. </Directory>
    9. <Directory /var/www/>
    10. Options Indexes FollowSymLinks MultiViews
    11. AllowOverride All
    12. Order allow,deny
    13. allow from all
    14. </Directory>
    15.  
    16. ErrorLog /var/www/www.domain.com_error.log
    17.  
    18. # Possible values include: debug, info, notice, warn, error, crit,
    19. # alert, emerg.
    20. LogLevel warn
    21.  
    22. CustomLog /var/www/www.domain.com_access.log combined
    23.  
    24. # SSL Engine Switch:
    25. # Enable/Disable SSL for this virtual host.
    26. SSLEngine on
    27. # A self-signed (snakeoil) certificate can be created by installing
    28. # the ssl-cert package. See
    29. # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    30. # If both key and certificate are stored in the same file, only the
    31. # SSLCertificateFile directive is needed.
    32. SSLCertificateFile /etc/ssl/certs/STAR_domain.com.pem
    33. SSLCertificateKeyFile /etc/ssl/private/STAR.domain.com.key
    34.  
    35. <FilesMatch "\.(cgi|shtml|phtml|php)$">
    36. SSLOptions +StdEnvVars
    37. </FilesMatch>
    38. <Directory /usr/lib/cgi-bin>
    39. SSLOptions +StdEnvVars
    40. </Directory>
    41.  
    42. BrowserMatch ".*MSIE.*" \
    43. nokeepalive ssl-unclean-shutdown \
    44. downgrade-1.0 force-response-1.0



    `

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training