On Sun, Sep 16, 2001 at 10:16:12PM +0800, joan wang wrote:
> I haved try many method, but can't solve my problem.
> I configure my apache in client authentication. After client choosing user
>login(user can choose viewer), the connection is disconnect(authentication failed).
>But if client choose the user cert issued by apache(not third party CA), the
>connction is success!!
> Pls tell me how to configure..thanks so much..
>
Try setting SSLLogLevel debug and take a look in the logfile - or tell us
the exact error that you get from the browser. It looks as it could be the
client that doesn't have the right kind of certificate.
> ======my httpd.conf==========
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> SSLCACertificatePath /usr/local/apache/conf/ssl.crt
> (I have put the veriSign cert in this directory)
If you use the SSLCACertificatePath then remember to run a make update
in that directory.
> SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
> (including the veriSign certificate(PEM format)
You really shouldn't mix SSLCACertificatePath and SSLCACertificateFile
one of them should be enough.
I'm assuming that you also have stuff like SSLEngine on and
SSLVerifyClient require in the right places in your config.
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
