Client/Server Certificates

on 27.06.2002 20:54:38 by Saunders Jack

I am running Apache 1.3.26 with mod_ssl/openssl. I have configured a server certificate from VeriSign and https communication works great. However, I am now trying to configure client certs. I have configured Apache to trust the CA. But now if I have a browser that tries an https connection without a certificate imported in the browser, I get a "page cannot be found" error. How can both types of certificates exist in Apache without stopping https communication for everyone? Some resources will use server to browser 128 bit encryption and others may require client certs.

Thanks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Client/Server Certificates

on 28.06.2002 10:25:03 by Jeff Aqua

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Saunders Jack
> Sent: 27 June 2002 19:55
> To: 'modssl-users@modssl.org'
> Subject: Client/Server Certificates
>
>
> I am running Apache 1.3.26 with mod_ssl/openssl. I have
> configured a server certificate from VeriSign and https
> communication works great. However, I am now trying to
> configure client certs. I have configured Apache to trust
> the CA. But now if I have a browser that tries an https
> connection without a certificate imported in the browser, I
> get a "page cannot be found" error. How can both types of
> certificates exist in Apache without stopping https
> communication for everyone? Some resources will use server
> to browser 128 bit encryption and others may require client certs.
>
> Thanks

Client and Server certificates co-reside happily without problems.

Sounds like you need to look at your SSL settings for the client
certs in httpd.conf. You probably have something like

SSLVerifyClient require

which means a client certificate is REQUIRED for access.
Try setting this to

SSLVerifyClient optional

which means you will get a certificate if the user has one, and
they decide to let you see it. Either way, they get access.

Regards
Jeff
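
Added example, not part of the original thread: one way to serve plain HTTPS to everyone while demanding a client certificate only for selected resources, using mod_ssl's per-location SSLVerifyClient. The file paths and the /secure and /members URL prefixes are placeholders assumed for illustration.

```apache
# Constructed example for Apache 1.3 with mod_ssl.
# All paths and URL prefixes below are placeholders.
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # CA certificate(s) used to verify client certificates.
    SSLCACertificateFile  /path/to/client-ca.crt

    # Server-wide default: do not ask for a client certificate,
    # so browsers without one still get normal HTTPS.
    SSLVerifyClient none

    # Only this URL prefix enforces a client certificate.
    # mod_ssl renegotiates the connection when a request lands here.
    <Location /secure>
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>

    # "optional" requests a certificate but never rejects the client.
    # It is not an access control by itself: the application has to
    # check SSL_CLIENT_VERIFY (NONE, SUCCESS, GENEROUS or FAILED:reason),
    # which +StdEnvVars exports to CGI/SSI.
    <Location /members>
        SSLVerifyClient optional
        SSLVerifyDepth  1
        SSLOptions      +StdEnvVars
    </Location>
</VirtualHost>
```

With the server-wide default left at `require`, every handshake fails for browsers without a certificate, which matches the symptom in the question; with `optional` everywhere, nothing is actually enforced unless the application checks the verification result.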
