Hello,
Adding <Location> around SSLVerifyClient and SSLVerifyDepth is causing my mutual
authentication to fail with a ssl_error_handshake_failure_alert message. I
can't seem to determine what might be causing this. I'll just jump right to
the code below:
[WORKS]
Excerpting my httpd.conf:
<VirtualHost _default_:443>
DocumentRoot "<path edited>/htdocs"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
SSLCertificateFile "<path edited>/Cert/ssl.crt/server.crt"
SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server.key"
SSLCACertificateFile "<path edited> Cert/ca.cer"
SSLVerifyClient required
SSLVerifyDepth 1
<truncated>
The above works like a charm. The only problem is it works EVERYWHERE I use
443 ... which is as expected. So when I add my <Location> directive as below
I get the Error code: ssl_error_handshake_failure_alert. Though it properly
triggers this error on requests to the specified location. So I know that
part is being picked up properly. Does anybody know what can be causing
this? This seems to be how it was behaving before I added in the
SSLCACertificateFile information. Could the Location tag be causing the
server to somehow ignore my SSLCACertificateFile?
[DOESN'T WORK] : Error code: ssl_error_handshake_failure_alert
<VirtualHost _default_:443>
DocumentRoot "<path edited>/htdocs"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
SSLCertificateFile "<path edited>/Cert/ssl.crt/server.crt"
SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server.key"
SSLCACertificateFile "<path edited> Cert/ca.cer"
<Location /logonWithCertificate>
SSLVerifyClient required
SSLVerifyDepth 1
</Location>
<truncated>
Thanks in advance for any insight.
-John
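
Added example (not part of the post above, and not Apache project code): mod_ssl documents that SSLVerifyClient and SSLVerifyDepth inside a per-directory container such as <Location> are applied by renegotiating after the request has been read, while at virtual-host level they apply to the initial handshake. This Python check reports the scope each client-auth directive sits in for a config like the two layouts above; the function name audit_client_auth and the placeholder path are assumptions.

```python
import re

# Constructed sample: the second layout from the post, path as a placeholder.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
SSLEngine on
SSLCACertificateFile "/placeholder/Cert/ca.cer"
<Location /logonWithCertificate>
SSLVerifyClient required
SSLVerifyDepth 1
</Location>
</VirtualHost>
"""

OPEN = re.compile(r"^<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</\s*(\w+)\s*>$")
# Per-directory containers: SSLVerify* inside them is applied after the request is read.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}
WATCHED = {"sslverifyclient", "sslverifydepth", "sslcacertificatefile"}
RENEG = {"sslverifyclient", "sslverifydepth"}

def audit_client_auth(conf_text):
    """Return one finding per client-auth directive, with its enclosing scope."""
    stack, findings = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing:
            if not stack or stack[-1][0].lower() != closing.group(1).lower():
                raise ValueError(f"line {lineno}: unbalanced </{closing.group(1)}>")
            stack.pop()
        elif opening:
            stack.append((opening.group(1), opening.group(2)))
        else:
            name, *rest = line.split(None, 1)
            if name.lower() in WATCHED:
                per_dir = any(tag.lower() in PER_DIR for tag, _ in stack)
                scope = " > ".join(f"{t} {a}".strip() for t, a in stack) or "server"
                findings.append({"line": lineno, "directive": name,
                                 "value": rest[0] if rest else "", "scope": scope,
                                 "renegotiates": per_dir and name.lower() in RENEG})
    if stack:
        raise ValueError(f"unclosed <{stack[-1][0]}>")
    return findings

if __name__ == "__main__":
    for finding in audit_client_auth(SAMPLE_CONF):
        print(finding)
```

A finding with "renegotiates" set marks a directive that takes effect only after the first handshake has completed, which is the one difference between the [WORKS] and [DOESN'T WORK] layouts.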