Christian Nolte wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
I have set up certificate based authentication using
SSLVerifyClient require
in my httpd.conf. Everything works fine but if a client does not have a
valid certificate Firefox gives an obscure error message:
"www.example.com has received an incorrect or unexpected message. Error
Code: -12227"
Is there a way to give the client a normal error page, like e.g. for 404
errors?
Best regards!
Christian
- --
For more than 4 generations the IT Professionals were the guardians
of quality and stability in software. Before the dark times.
Before Microsoft...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHfLeiCNjA0nfhW7wRAgUMAKDHF5oLVSLa7YkSoDt7bYmRvFOAtwCgzgwS
7C8W5RdIMDHAeA3PYIJOBPk=
=XlfO
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
II. Tricks
1. Redirect all HTTP requests to HTTPS
a. Load mod_rewrite (see:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
b. Add the following rule to your non-HTTPS server configuration
(httpd.conf):
# Require HTTPS
RewriteEngine on
RewriteRule ^/(.*) https://${SERVER_NAME}/$1
[redirect=permanent]
2. Redirect all requests that fail to authenticate to an error page
a. Load mod_rewrite (see:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
b. Add the following rule to your HTTPS server configuration
(mod_ssl.conf):
i. Apache 1.3.x: (NOTE: Internet Explorer does not work
correctly with Apache 1.3.x and mod_ssl when SSLVerifyClient
is set to anything except "none")
# Redirect client-verification-failures to a specific
# page.
RewriteEngine on
RewriteCond %{SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteRule . /error-pages/pki/pki-invalid.html [last]
i. Apache 2.2.x:
# Redirect client-verification-failures to a specific
# page.
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteRule . /error-pages/pki/pki-invalid.html [last]
c. Change "SSLVerifyClient" to "optional" (NOTE: Internet Explorer
does not work correctly with Apache 1.3.x and mod_ssl when
SSLVerifyClient is set to anything except "none")
SSLVerifyClient optional
--
Roy Keene (Contractor)
Office of Network Management (Code 7030.8)
Naval Research Laboratory
Stennis Space Center, MS 39529
DSN 828-4827
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]