LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-21-2012, 06:06 AM   #1
ravindert
Member
 
Registered: Oct 2011
Posts: 68

Rep: Reputation: Disabled
How to configure the Client Side authentication on Apache server Using SSLVerifyClie


Hi ,

I have installed the apache server with self signed CA certificate and now i want to authenticate the client with the client certificate installed in the browser of the client. Below is the configuration for the website i have. I tried to generate the client ssl certificate and installed in the browser but is not working and i am getting error (Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. )

<Location />
SSLVerifyClient require
SSLVerifyDepth 1
</Location>

But when i change require to optional then i start browsing the website . But i want to browse the website with the require option.

Kindly suggest how to solve this problem

Thanks a lootttttttt

Ravinder
 
Old 07-23-2012, 04:37 PM   #2
Pearlseattle
Member
 
Registered: Aug 2007
Location: Zurich, Switzerland
Distribution: Gentoo
Posts: 934

Rep: Reputation: 104Reputation: 104
Hi
You're right - if with "require" it does not work, then with the "optional" option it probably falls back to not checking your certificate.
How does your full apache configuration look like? I suppose that you added stuff like...
Code:
        SSLEngine on

        ## SSL Cipher Suite:
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /myserv_cert.crt
        SSLCertificateKeyFile /mypriv_key.key
        SSLCertificateChainFile /mycertchain.crt
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2
        SSLOptions +StdEnvVars
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
...right?

And which browser are you using on the client side?

And can by increasing the "LogLevel" option to e.g. "info" do you get more informations when you fail to connect?

Cheers
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Mounting multiple NFS or Samba shares: client-side or server-side? mariogiov Linux - Server 4 04-03-2012 09:11 AM
[SOLVED] LDAP authentication of unregistered user at client side. sheelavantar Linux - Server 1 09-02-2011 03:12 AM
How to login multiple client pc on using via openvpn server from client side raja6525 Linux - Networking 1 11-24-2010 10:42 AM
can't get access to client-side network from server-side network through openvpn nass Linux - Server 1 11-02-2009 05:41 AM
Client Authentication in Apache HTTP Server gjagadish Linux - Software 1 09-11-2006 03:56 AM


All times are GMT -5. The time now is 04:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration