availability of certificate info
Hi all,

I'm trying to set up Apache talking to OpenLDAP using certificates via a module called mod_authz_ldap through the SSL port, using mod_ssl. While I haven't entirely gotten that to work, I'm trying to determine out of that setup if it is possible to:

- When a user authenticates himself to the site using his/her certificate, is it possible to access the certificate's info that is being sent to the OpenLDAP database, through a servlet?

This might not be the right list, but since one of the components is modssl related I thought I would give it a try. Any pointers are appreciated.

Best regards
Jose Correia
Isis

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: Useful error pages for users
The SSL session is established *before* any HTTP traffic takes place. If the session fails to be set up, the client cannot send any request through to apache, which operates at the HTTP layer. So the server isn't really aware that any request was made and so can't very well generate a response...

I think you'd have to hack into the mod_ssl code to achieve this.

Rgds,
Owen Boyle

-----Original Message-----
From: Danny Kruitbosch [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 28 August 2002 11:00
To: modssl-users
Subject: Useful error pages for users

Hi,

I'm trying to figure out the following:

We're using client certs for authentication and the authentication works fine. But when a user connects and isn't able to present his cert or his cert is revoked he gets a 'DNS or server error' (IE 5.5/6.0).

I would like to redirect this user to a custom error page saying something intelligent like:

Certificate revoked
No certificate presented
Unable to verify certificate

or server specific errors like:

CRL expired
Unable to verify certificate

How can I set this up? (Is there a list of specific error codes SSL uses and can I use the ErrorDocument directive on this. If so where do I find this list of SSL error codes)

Thanks,
Danny
I: Apache 2.0.39 SSLProxy - can't authenticate to a remote server
Hello,

I have already posted this message to the Apache users list, but since it is a mod-ssl related problem I try here too.

I'm trying to configure apache as a SSL reverse proxy (i.e. http from browser to apache and https from apache to the remote server); everything works fine if no client authentication is required by the server. When I turn on client authentication on the server, the apache proxy process serving the request gets a segmentation fault.

I've read the documentation that comes with apache2, but the SSLProxy directives are not so clear to understand. For example, in order to authenticate to a server, a proxy needs a key pair (and a certificate, of course) but no directive is available to specify a key; I tried SSLCertificateFile and SSLCertificateKeyFile but these are only used if SSLEngine is on, which provokes the proxy to speak SSL to clients, and doesn't resolve the problem anyway. If SSLEngine is off, apache doesn't even ask for the key file password.

Here is the relevant section of the configuration file:

    <IfDefine SSL>
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

    ##
    ## SSL Virtual Host Context
    ##
    <VirtualHost _default_:80>
    ServerName claudio.sogei.it:80
    SSLProxyEngine on
    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/client.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/client.key
    ProxyRequests On
    ProxyPass / https://ccampetto1.sogei.it/
    SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/clientcertkey.crt
    </VirtualHost>
    </IfDefine>

Maybe I missed something. Can anybody enlighten me?

Thanks in advance.
Claudio Campetto.
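An added example, not part of the original post and not Apache's own code: a pre-flight check for the file named in SSLProxyMachineCertificateFile. It assumes, per the Apache documentation for that directive, that the file is a concatenation of the PEM-encoded client certificate and its key and that passphrase-protected keys are not supported there; `check_proxy_bundle` is a hypothetical helper and the sample blocks are constructed placeholders.

```python
import re

# One PEM block: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY",
              "PRIVATE KEY"}


def check_proxy_bundle(pem_text):
    """Return a list of problems in a proxy client cert+key bundle."""
    certs = keys = 0
    problems = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":
            problems.append("PKCS#8 key is passphrase-protected")
        elif label in KEY_LABELS:
            # Traditional OpenSSL key encryption is flagged in block headers.
            if "Proc-Type: 4,ENCRYPTED" in body:
                problems.append(label + " is passphrase-protected")
            else:
                keys += 1
    if certs == 0:
        problems.append("no CERTIFICATE block")
    if keys == 0:
        problems.append("no unencrypted private key block")
    return problems


# Constructed samples: block bodies are placeholders, not real key material.
CERT = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
        "-----END CERTIFICATE-----\n")
PLAIN_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
             "-----END RSA PRIVATE KEY-----\n")
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQ09OU1RSVUNURUQ=\n"
           "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in [("cert+key", CERT + PLAIN_KEY),
                       ("cert+encrypted key", CERT + ENC_KEY),
                       ("cert only", CERT)]:
        print(name, "->", check_proxy_bundle(text) or "ok")
```

The check is structural only: it does not verify that the key belongs to the certificate.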
SSL on Apache 1.3.26 running Redhat Linux 7.3
Hi:

I have installed Apache 1.3.26 with SSL enabled on a Redhat Linux 7.3 machine. I can connect to both port 80 and 443 on local browser, but can only connect to port 80 from my NT workstation. Does anyone have any idea what's going wrong with my setting? I am thinking that it is Linux's system setting that made this problem.

Any hint will be highly appreciated.

Steve Bao
Tel: (858) 625-6964
Fax: (858) 453-2816
RE: SSL on Apache 1.3.26 running Redhat Linux 7.3
Firewall settings maybe? Try

/etc/rc.d/init.d/ipchains stop

and

/etc/rc.d/init.d/iptables stop

and see if it starts working from the NT box. If it does, you need to adjust the firewall settings for ipchains or iptables (whichever you configured at install time).

Eric

-----Original Message-----
From: Bao, Xiliang [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 12:23 PM
To: [EMAIL PROTECTED]
Subject: SSL on Apache 1.3.26 running Redhat Linux 7.3

Hi:

I have installed Apache 1.3.26 with SSL enabled on a Redhat Linux 7.3 machine. I can connect to both port 80 and 443 on local browser, but can only connect to port 80 from my NT workstation. Does anyone have any idea what's going wrong with my setting? I am thinking that it is Linux's system setting that made this problem.

Any hint will be highly appreciated.

Steve Bao
Tel: (858) 625-6964
Fax: (858) 453-2816