Re: SSLVerifyClient applies to parent directory
Florian Hackenberger a écrit : On Thursday 26 June 2008, Cuesta Gilles wrote: Maybe try this: Listen 443 SSLEngine On SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem DocumentRoot "/usr/local/htdocs" SSLVerifyClient require SSLVerifyDepth 1 Unfortunately it leads to the same result, but thanks for the suggestion. Regarding mod_ssl: "In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. " "In per-directory context it forces a SSL renegotation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent." So maybe: Listen 443 SSLEngine On SSLCertificateFile /etc/apache2/ssl/acoveo.com.pem DocumentRoot "/usr/local/htdocs" SSLVerifyClient require SSLVerifyDepth 1 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSL proxy
[EMAIL PROTECTED] a écrit : I have several web servers currently that all have the same IP, but different host names, and I have an apache that uses mod_proxy to direct requests to the correct internal server to process the request. I would like to use my apache proxy server to provide SSL encryption and decryption, and not have to have each individual server do that. Is that possible? Apparently, understanding what you want to do, it's possible. It might depend on Apache / modssl versions One of the best way is doing encrypted HTTPS between client and proxy and clear HTTP between proxy and real server. You can also do encrypted HTTPS between proxy and real server, just adding some Apache configuration . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache removal of user's access rights
Michael Ströder a écrit : Beth E. Okun wrote: We're running Apache with ssl enabled..We're using Basic authentication, and if the user browses away from our site and then comes back, they are not forced to log on again...it appears that these settings are being stored somewhere, or that the connection is not being closed.. How about to read about how Basic Authentication works? Or maybe watch the traffic with http://livehttpheaders.mozdev.org? Basically the browser caches username/password once entered for a HTTP authc realm and sends it in the header of every HTTP request. That's the problem with HTTP basic authc. This Apache related, not modssl related. Whereas, there are technical ways to reproduce an end of session, using secondary session_id, just like phpmyadmin. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]