[Modules] Cannot get client certificate verification to work

Sander Marechal s.marechal at jejik.com
Wed Jan 14 05:53:34 EST 2009


Sander Marechal wrote:
> So, it looks like GnuTLSClientVerify does not take the virtual host into
> account in the below configuration.

I have solved this problem thanks to Nikos, but now I am facing another
issue. I would like only some parts of my website to require a
certificate and other parts not. I have tried to do this with <Location>
directives but it does not seem to work.

When I connect to the root I do not get asked for a client certificate,
as expected. But when I go to /xmlrpc or to /users/certificate then I do
not get asked for a client certificate. Instead it simply shows the page
as if verification succeeded.

What am I doing wrong? My config is below:

<VirtualHost *:443>
        DocumentRoot /home/sander/projects/odf-shots/trunk/server/www
        ServerName cakephp.jejik.com:443

	# SSL using GnuTLS
	GnuTLSEnable On
	GnuTLSPriorities PERFORMANCE:%COMPAT
	GnuTLSCertificateFile /etc/apache2/ssl/odf-shots.jejik.com.cert
	GnuTLSKeyFile /root/certs/odf-shots.jejik.com.key
	GnuTLSClientVerify ignore
	GnuTLSClientCAFile /etc/ssl/certs/cacert.org.pem

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

	<Location "/xmlrpc">
		GnuTLSClientVerify require
	</Location>
	
	<Location "/users/certificate">
		GnuTLSClientVerify require
	</Location>
</VirtualHost>

Thanks in advance,

-- 
Sander Marechal


More information about the Modules mailing list