[Modules] Cannot get client certificate verification to work
Sander Marechal
s.marechal at jejik.com
Wed Jan 14 05:53:34 EST 2009
Sander Marechal wrote:
> So, it looks like GnuTLSClientVerify does not take the virtual host into
> account in the below configuration.
I have solved this problem thanks to Nikos, but now I am facing another
issue. I would like only some parts of my website to require a
certificate and other parts not. I have tried to do this with <Location>
directives but it does not seem to work.
When I connect to the root I do not get asked for a client certificate,
as expected. But when I go to /xmlrpc or to /users/certificate then I do
not get asked for a client certificate. Instead it simply shows the page
as if verification succeeded.
What am I doing wrong? My config is below:
<VirtualHost *:443>
DocumentRoot /home/sander/projects/odf-shots/trunk/server/www
ServerName cakephp.jejik.com:443
# SSL using GnuTLS
GnuTLSEnable On
GnuTLSPriorities PERFORMANCE:%COMPAT
GnuTLSCertificateFile /etc/apache2/ssl/odf-shots.jejik.com.cert
GnuTLSKeyFile /root/certs/odf-shots.jejik.com.key
GnuTLSClientVerify ignore
GnuTLSClientCAFile /etc/ssl/certs/cacert.org.pem
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
<Location "/xmlrpc">
GnuTLSClientVerify require
</Location>
<Location "/users/certificate">
GnuTLSClientVerify require
</Location>
</VirtualHost>
Thanks in advance,
--
Sander Marechal
More information about the Modules
mailing list