I'm not a guru but I would suspect that your NameVirtualHost directives need to differ. You probably need to configure the virtual hosts using their domain names, like this: ------------------------------------------------------------
NameVirtualHost abc1-no-client-auth.com:443 <VirtualHost abc1-no-client-auth.com:443> ... </VirtualHost> NameVirtualHost abc1-ssl-client-auth.com:443 <VirtualHost abc1-ssl-client-auth.com:443> ... </VirtualHost> ------------------------------------------------------------ Otherwise I think one will just overwrite the other. Also for MSIE compatibility it is recommended that you add the following to the virtual host configuration: ------------------------------------------------------------ SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ------------------------------------------------------------ Hope this was helpful. /Daniel ----- Original Message ----- From: "Hoda Nadeem" <[EMAIL PROTECTED]> To: <modssl-users@modssl.org> Sent: Thursday, June 02, 2005 3:26 PM Subject: RE: SSL Client Auth with Virtual Hosts Are there any parameters that I am missing, or am I doing something incorrect? On my setup, client authentication is either on or off globally. I can't seem to isolate it at the virtual host level. Thanks. Nadeem Example again: NameVirtualHost 111.111.111.111:443 <Virtualhost 111.111.111.111:443> ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www ServerName abc1-no-client-auth.com SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key </VirtualHost> <Virtualhost 111.111.111.111:443> ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www ServerName abc1-ssl-client-auth.com SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key SSLVerifyClient require SSLVerifyDepth 2 SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-calist.crt SSLOptions +StdEnvVars +ExportCertData </VirtualHost> ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]