LinuxQuestions.org
Old 12-16-2012, 07:57 AM   #16
jpollard

I haven't done this in quite a while, but a google search brought up:

http://www.garex.net/apache/

They have an example (copied below):

Code:
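<Directory "/www/hidden/docs">
<IfDefine SSL>
    # Refuse any request that did not arrive over SSL/TLS
    SSLRequireSSL
    # Allow only client certificates whose subject O and OU match
    SSLRequire %{SSL_CLIENT_S_DN_O} eq "garex AG" and \
               %{SSL_CLIENT_S_DN_OU} in {"Fun dept."}
</IfDefine>
...
</Directory>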
That should give a hint...

htaccess doesn't give a good approach except through simple login (which is only encrypted by the session using the host certificate).

Something like the above would be needed.
 
Old 12-17-2012, 10:28 AM   #17
jonaskellens
Original Poster
After having created the server certificates, I'm getting the following in my Firefox browser:

Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)


Does this mean I just need to load the correct signed client certificate into my Firefox?
Or does this mean I totally misconfigured my https-server?

My configuration:
(/etc/httpd/conf.d/my-ssl.conf)

DocumentRoot "/var/www/vhosts/mysslserver.tld/httpsdocs"

ServerName mysslserver.tld:443
ServerAdmin info@mysslserver.tld

# Here, I am allowing only "high" and "medium" security key lengths.
SSLCipherSuite HIGH:MEDIUM

# Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2

# Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myssl-server.crt

# Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myssl-server.key

# Server Certificate Chain:
SSLCertificateChainFile /etc/pki/tls/certs/my-ca.crt

# Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/my-ca.crt

<Directory "/var/www/vhosts/mysslserver.tld/httpsdocs">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
 
Old 12-17-2012, 12:18 PM   #18
jonaskellens
Original Poster
Also tried with this config but same result:

<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/pki/tls/certs/myssl-server.crt
SSLCertificateKeyFile /etc/pki/tls/private/myssl-server.key
SSLCertificateChainFile /etc/pki/tls/certs/my-ca.crt
SSLCACertificateFile /etc/pki/tls/certs/my-ca.crt
<Directory /var/www/vhosts/mysslserver.tld/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/mysslserver.tld/httpsdocs
ServerName mysslserver.tld
</VirtualHost>
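
Added example, not part of the thread: the Firefox error in post #17 concerns a certificate signature, so one useful check is whether the file given as SSLCertificateFile verifies under the file given as SSLCACertificateFile, and whether the key file belongs to the certificate. The script builds a throwaway CA, a second CA with the same name but a fresh key, and a server certificate in a temp directory; the file names, the "Demo" organisation and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All keys and certificates are constructed in a temp
# directory; nothing here touches /etc/pki.

# make_ca PREFIX CN: self-signed CA -> PREFIX.key, PREFIX.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/O=Demo/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# make_server PREFIX CA_PREFIX HOST: key + CSR, then a cert signed by that CA
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=Demo/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -set_serial 2 -days 30 -out "$1.crt" 2>/dev/null
}

# check_chain CA_CERT CERT: succeeds only if CERT verifies under CA_CERT
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY: succeeds only if KEY is the private key for CERT
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # ca-new has the same subject as ca-old but a fresh key (a regenerated CA).
    make_ca "$d/ca-old" my-ca && make_ca "$d/ca-new" my-ca &&
        make_server "$d/server" "$d/ca-old" mysslserver.tld || return 1
    signer=FAIL; check_chain "$d/ca-old.crt" "$d/server.crt" && signer=OK
    regen=FAIL;  check_chain "$d/ca-new.crt" "$d/server.crt" && regen=OK
    pair=FAIL;   key_matches "$d/server.crt" "$d/server.key" && pair=OK
    rm -rf "$d"
    echo "signing CA: $signer  regenerated CA: $regen  cert/key pair: $pair"
    [ "$signer" = OK ] && [ "$regen" = FAIL ] && [ "$pair" = OK ]
}

demo
```

Against the files named in the posted configuration, the same two checks are `check_chain /etc/pki/tls/certs/my-ca.crt /etc/pki/tls/certs/myssl-server.crt` and `key_matches /etc/pki/tls/certs/myssl-server.crt /etc/pki/tls/private/myssl-server.key`.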
 
  

