> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Saunders Jack > Sent: 27 June 2002 19:55 > To: '[EMAIL PROTECTED]' > Subject: CLient/Server Certificates > > > I am running Apache 1.3.26 with mod_ssl/openssl. I have > configured a server certificate from versign and https > communication works great. However I am trying to now > configure client certs. I have configured apache to trust > the CA. But now if I have a browser that tries a https > connection without a certificate imported in the browser I > get a page cannot be found error. How can both types of > certificates exist in apache without stopping https > communication for everyone. Some resources will use server > to browser 128 bit encryption and others may require client certs. > > Thanks
Client and Server certificates co-reside happily without problems. Sounds like you need to look at your SSL settings for the client certs in httpd.conf. You probably have something like SSLVerifyClient require which means a client certificate is REQUIRED for access. Try setting this to SSLVerifyClient optional which means you will get a certificate if the user has one, and they decide to let you see it. Either way, they get access. Regards Jeff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
