Bug 31314 - SSLVerifyClient does not request client certificate from browser
Summary: SSLVerifyClient does not request client certificate from browser
Status: RESOLVED DUPLICATE of bug 12355
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.0.51
Hardware: PC Linux
: P3 major (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2004-09-20 15:49 UTC by Duane Toler
Modified: 2004-11-16 19:05 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Duane Toler 2004-09-20 15:49:22 UTC
SSLVerifyClient does not request the client certificate from browser.  I tested
2.0.48, 2.0.50 and 2.0.51 to no avail.  The config works properly in v1.3.x

my config:

Alias /secure/ "/var/www/secure/"

<Directory "/var/www/secure">
   Options None
   AllowOverride AuthConfig

   SSLVerifyClient optional
   SSLVerifyDepth 2
   SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars \
              +StrictRequire +OptRenegotiate

   Order deny,allow    Deny from all
   Allow from

   AuthType Basic
   AuthUserFile /etc/htpasswd.secure
   AuthName "Secure Access"
   require valid-user

   Satisfy Any

The premise is to request client certificates if the browser has one.  If not,
then request HTTP 401 Authorization.  In /etc/htpasswd.secure, i have the
complete DN of my certificate and the hash of the word 'password' as per the
mod_ssl documentation (to satisfy mod_auth when using FakeBasicAuth)
Comment 1 Joe Orton 2004-09-22 10:20:13 UTC
Try adding "SSLVerifyClient optional" to the SSL vhost config.  This is probably
bug 12355.

*** This bug has been marked as a duplicate of 12355 ***