Stefan Kuhn 2006-10-30, 7:32 pm
Hello NG,
I have a problem with a 2-level authentication with a VirtualHost.
What I want to configure is, since the browser doesn't get any information
when authentication with no client certs fails, to have the / of the
VirtualHost run with SSLVerifyClient optional. All other directories should
require SSLVerifyClient. So if there is no $_SERVER['CLIENT_M_SERIAL'] I
can hint the user to install the cert. In userland the cert is stored on a
smartcard. So the user has to insert the card in the reader, which is
forgotten very often.
This is what I configured.
The server is an Apache 2.2.3.
<VirtualHost 192.168.1.1:443>
    ServerName test.thedomain.org
    DocumentRoot /www/shtdocs
    LogLevel warn
    SSLEngine on
    ErrorLog logs/ssl_engine_log
    SSLCACertificateFile conf/ssl.crt/ROOT_Snakeoil.crt
    SSLCertificateFile conf/ssl.crt/SERVER_Snakeoil.crt
    SSLCertificateKeyFile conf/ssl.key/SERVER_Snakeoil.pem
    SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
    <Directory /www/shtdocs/>
        Order allow,deny
        Allow from all
        SSLVerifyClient optional
    </Directory>
    <Directory ~ "^/www/shtdocs/[a-zA-Z]{1,}/?">
        Order allow,deny
        Allow from all
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Directory>
</VirtualHost>
My problem is that Apache ignores the first Directory directive if the
second is present. Commenting out the second directive will make the first
one work. Don't know what is going wrong.
Thanks in advance
Stefan
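
The landing-page check described in the post, as an added example that is not part of the original post. It assumes the variable names mod_ssl exports under SSLOptions +StdEnvVars (SSL_CLIENT_VERIFY, SSL_CLIENT_M_SERIAL); the function names client_cert_state and landing_message and the sample environments are hypothetical, constructed for illustration.

```php
<?php
// Added example: names and sample data are constructed, not from the post.

/**
 * Classify the client-certificate state from the variables mod_ssl
 * exports under SSLOptions +StdEnvVars. Only SSL_* keys are read:
 * HTTP_* keys are filled from request headers and are client-controlled.
 */
function client_cert_state(array $server): array
{
    // Documented values: NONE, SUCCESS, GENEROUS, FAILED:reason
    $verify = $server['SSL_CLIENT_VERIFY'] ?? 'NONE';
    $serial = $server['SSL_CLIENT_M_SERIAL'] ?? '';

    if ($verify === 'NONE') {
        return ['state' => 'no_cert', 'serial' => null];
    }
    if ($verify === 'SUCCESS' && $serial !== '') {
        return ['state' => 'ok', 'serial' => strtoupper($serial)];
    }
    // GENEROUS, FAILED:reason, or SUCCESS without a serial
    return ['state' => 'untrusted', 'serial' => null];
}

function landing_message(array $server): string
{
    $result = client_cert_state($server);
    switch ($result['state']) {
        case 'ok':
            return 'Certificate ' . $result['serial'] . ' accepted.';
        case 'no_cert':
            return 'No client certificate received. Insert your smartcard and reload.';
        default:
            return 'A certificate was presented but not verified. Contact support.';
    }
}

// Constructed sample environments
$samples = [
    'card inserted'  => ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_M_SERIAL' => '0a1b2c'],
    'card missing'   => ['SSL_CLIENT_VERIFY' => 'NONE'],
    'spoofed header' => ['SSL_CLIENT_VERIFY' => 'NONE', 'HTTP_SSL_CLIENT_M_SERIAL' => '0A1B2C'],
];
foreach ($samples as $label => $env) {
    echo $label . ': ' . landing_message($env) . PHP_EOL;
}
```

Keying the decision on SSL_CLIENT_VERIFY rather than on the mere presence of a serial keeps a request that only carries a look-alike header from being treated as authenticated.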