I'm running an Opensuse linux 11.1 with an Apache. My objective is to restrict the access to a specific webservice per URL (location).
I have successfully set up an installation with SSL encoded transfer. If I restrict now the whole apache to use client certificate based authentication, it works fine: I get a pop-up in my browser too choose appropriate cert ant then I can browse the page.
But if I restrict the access with the location tag, the corresponding location is 'secured', but in the browser I get ssl_error_handshake_failure_alert.
This configuration works (httpd.conf):
SSLVerifyClient require
SSLCACertificateFile /home/...../cacert.pem
This doesn't work (httpd.conf):
SSLVerifyClient none
SSLCACertificateFile /home/...../cacert.pem
<Location /ANURL>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
Have i missed something?