Hi Samuel,
I'm sorry if my error reporting was a little confusing. The whole server on
port 443 runs SSL and has a server certificate. But for one subdirectory I
am requiring a client certificate of a certificate authority that I trust.
Apache should always check these client certificates against the CRLs. In my
set up it only checks it sometimes (average every third request).
Jens
-----Original Message-----
From: Paul [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 09, 2001 3:03 PM
To: [EMAIL PROTECTED]
Subject: Re: ssl connection for a particular directory
> [EMAIL PROTECTED] wrote:
> > Is there anybody to tell me : How can i force in the apache
> > configuration file the use of a ssl connection for a particular
> > directory without using virtual hosts ?
You'll probably have to run a whole seperate server if you aren't using
vhosts.
The choice of protocol is done before the connection is established;
path translation is way later. What you *could* do, however, is to have
the index page in that directory check the port number or something.
mod_perl makes that pretty easy; Apache::Request probably does, too.
I'm not sure off the top of my head how you'd do it without perl. If
it's not secure, redirect to the secure server.
You could kind of do it anyway, just as a matter of course. Have the
index page (I'd recommend a CGI) do an external redirect to the secure
socket. Obviously, you have to have an SSL server running somewhere,
either as another server or as a vhost or *something*, but then the
default page in that directory will redirect to the https://
other-page.
But you can't have just one directory be SSL on one server, because the
SSL protocol has to be established *WAY* before the server knows what
directory the user wants.....
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
This footnote confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
-----------------------------------------------------------------------------------------------------------------
The information contained in this message is confidential and is intended
for the addressee(s) only. If you have received this message in error or
there are any problems please notify the originator immediately. The
unauthorized use, disclosure, copying or alteration of this message is
strictly forbidden. Baltimore Technologies plc will not be liable for direct,
special, indirect or consequential damages arising from alteration of the
contents of this message by a third party or as a result of any virus being
passed on.
In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.
This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
