SSLVerifyClient for a specific location

Alles, was den Apache betrifft, kann hier besprochen werden.

SSLVerifyClient for a specific location

Postby goblin24 » 18. December 2009 14:13

I'm running an Opensuse linux 11.1 with an Apache. My objective is to restrict the access to a specific webservice per URL (location).

I have successfully set up an installation with SSL encoded transfer. If I restrict now the whole apache to use client certificate based authentication, it works fine: I get a pop-up in my browser too choose appropriate cert ant then I can browse the page.
But if I restrict the access with the location tag, the corresponding location is 'secured', but in the browser I get ssl_error_handshake_failure_alert.

This configuration works (httpd.conf):
SSLVerifyClient require
SSLCACertificateFile /home/...../cacert.pem

This doesn't work (httpd.conf):
SSLVerifyClient none
SSLCACertificateFile /home/...../cacert.pem
<Location /ANURL>
SSLVerifyClient require
SSLVerifyDepth 1

Have i missed something?
Posts: 1
Joined: 18. December 2009 13:56

Re: SSLVerifyClient for a specific location

Postby vijaysridhar03 » 12. February 2017 14:06

Hi All,

I have also i have similar requirement to restrict client based on "Client Certificate Authentication" .

we have 1 Virtual host, in that we have 4 Context ( all are Proxypass to Application Server Tomcat ) ,

Requirement is to restrict client access to particular context based on the Client-Certificate , one client should not access other client Context , each client will provide their CA certificate , tried with Location Directive but not able to make it work.

As we don't know the Client IP's list we were not able to restrict Context based on IP .
Posts: 2
Joined: 18. November 2014 18:47
Operating System: Linux

Return to Apache

Who is online

Users browsing this forum: No registered users and 5 guests