Hello! I installed Apache/1.3.3 (Win32) mod_ssl/mod_ssl/2.1b8 SSLeay/0.9.0b. I configured Apache to access a directory with the basic authentication scheme (using htpasswd.users and htaccess file). The ".htaccess" file is: deny from all AuthType Basic AuthUserFile "/httpd/etc/htpasswd.users" AuthName "special directory" require valid-user satisfy any If I try to access the protected directory using the normal http protocol (using the url http://127.0.0.1/Protected"), everything works fine: the user/password window pops up, I give the correct user/password sequence and Apache correctly lets me enter. If I try to access the protected directory using the *https* protocol (using the url https://127.0.0.1/Protected), the Apache server just wait few minutes and then Netscape shows me a windows with "No response from the server". The SSL section in http.conf is the following: ===================================================================== DocumentRoot "/httpd/htdocs" ServerAdmin [EMAIL PROTECTED] ErrorLog logs/error.log TransferLog logs/access.log CustomLog logs/ssl_request.log "%t %h %{version}c %{cipher}c \"%r\" %b %{subjectdn}c %{issuerdn}c" SSLEngine on [...snip... certificate stuff ...snip...] SSLoptions -FakeBasicAuth # Set the file containing CA certificates which are sent to the # client on an `SSLv3 write certificate request A'. This is # used with SSLv3 certificate chaining where the client loads # intermediate certificates in the chain from the server to # speedup processing of the server authentication. This # defaults to SSLCACertificateFile but can be set to a # different file when you want to use a different set of # certificates you sent out to the client. #SSLCACertificateReqFile c:/apps/apache/conf/ssl.crt/ca-bundle.crt # Set client verification level: [RECOMMENDED] # none: no certificate is required # optional: the client may present a valid certificate # require: the client must present a valid certificate # optional_no_ca: the client may present a valid certificate # but it is not required to have a valid CA SSLVerifyClient optional_no_ca # Set how deeply to verify the certificate issuer chain before # deciding the certificate is not valid. [OPTIONAL] SSLVerifyDepth 2 # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. [OPTIONAL] #SSLCipherSuite RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA # With SSLRequire you can do access control based on # arbitrary complex boolean expressions containing # server variable checks and other lookup directives. # The syntax is a mixture between C and Perl. # See the mod_ssl documentation for more details. #SSLRequire %{SSL_CIPHER} !~ m/^EXP-.*/ and \ # %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \ # %{REMOTE_ADDR} =~ m/^1\.2\.3\.[0-9]+$/ ===================================================================== Why basic auth doesn't work with SSL ? Can anyone help me ? Bye, Achille. ______________________________________________________________________ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
