You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Benjamin Cuthbert <be...@db.com> on 2006/11/08 16:38:40 UTC
[users@httpd] client side certificates authentication in virtual hosts
All
Can you run two SSL virtual host URLS on the same IP address and have one
running with no client certificate authentication and one running without
client authentication. I have tried it and the options
SSLVerifyClient require
SSLVerifyDepth 1
But when this is enabled on one of the virtual hosts it takes out the
other virtual host and i am unable to connect.
Regards
Ben Cuthbert
Deutsche Bank AG
Corporate & Investment Bank
GTO : TISO / Arch Global Finance / Prime Services
PGP: http://pgp.mit.edu
+44 (0) 20 754 76389 (Tel)
+44 (0) 20 754 74996 (Fax)
---
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Re: [users@httpd] client side certificates authentication in virtual hosts
Posted by Serge Dubrouski <se...@gmail.com>.
On 11/8/06, Benjamin Cuthbert <be...@db.com> wrote:
>
>
> They does not sound like such a good idea, what if i bound the new virtual
> host to a new IP address would i then be able to
> run both in different modes ?
That sounds much better. And you will be able to have different Server
certificates and different Client Verification modes for them.
On 11/8/06, Benjamin Cuthbert <be...@db.com> wrote:
> >
> > All
> >
> > Can you run two SSL virtual host URLS on the same IP address and have
> one
> > running with no client certificate authentication and one running
> without
>
> It's possible if having one VirtualHost complaining about wrong Server
> Certificate is applicable for you, which I really doubt.
>
> > client authentication. I have tried it and the options
> >
> > SSLVerifyClient require
> > SSLVerifyDepth 1
> >
> > But when this is enabled on one of the virtual hosts it takes out the
> other
> > virtual host and i am unable to connect.
>
> Most probably you configure both for your VH with the same name. In
> this case one of hosts ignored and you always hit the same VH. Or you
> have some kind of other mistake in your config. It would be good to
> take a look on how you configured them.
>
> >
> > Regards
> >
> > Ben Cuthbert
> > Deutsche Bank AG
> > Corporate & Investment Bank
> > GTO : TISO / Arch Global Finance / Prime Services
> > PGP: http://pgp.mit.edu
> > +44 (0) 20 754 76389 (Tel)
> > +44 (0) 20 754 74996 (Fax)
> > ---
> >
> > This e-mail may contain confidential and/or privileged information. If
> you
> > are not the intended recipient (or have received this e-mail in error)
> > please notify the sender immediately and destroy this e-mail. Any
> > unauthorized copying, disclosure or distribution of the material in
> this
> > e-mail is strictly forbidden.
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information. If you
>
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
>
Re: [users@httpd] client side certificates authentication in virtual hosts
Posted by Benjamin Cuthbert <be...@db.com>.
They does not sound like such a good idea, what if i bound the new virtual
host to a new IP address would i then be able to
run both in different modes ?
Regards
Ben Cuthbert
Deutsche Bank AG
Corporate & Investment Bank
GTO : TISO / Arch Global Finance / Prime Services
PGP: http://pgp.mit.edu
+44 (0) 20 754 76389 (Tel)
+44 (0) 20 754 74996 (Fax)
"Serge Dubrouski" <se...@gmail.com>
11/08/2006 03:52 PM
Please respond to
users@httpd.apache.org
To
users@httpd.apache.org
cc
Subject
Re: [users@httpd] client side certificates authentication in virtual hosts
On 11/8/06, Benjamin Cuthbert <be...@db.com> wrote:
>
> All
>
> Can you run two SSL virtual host URLS on the same IP address and have
one
> running with no client certificate authentication and one running
without
It's possible if having one VirtualHost complaining about wrong Server
Certificate is applicable for you, which I really doubt.
> client authentication. I have tried it and the options
>
> SSLVerifyClient require
> SSLVerifyDepth 1
>
> But when this is enabled on one of the virtual hosts it takes out the
other
> virtual host and i am unable to connect.
Most probably you configure both for your VH with the same name. In
this case one of hosts ignored and you always hit the same VH. Or you
have some kind of other mistake in your config. It would be good to
take a look on how you configured them.
>
> Regards
>
> Ben Cuthbert
> Deutsche Bank AG
> Corporate & Investment Bank
> GTO : TISO / Arch Global Finance / Prime Services
> PGP: http://pgp.mit.edu
> +44 (0) 20 754 76389 (Tel)
> +44 (0) 20 754 74996 (Fax)
> ---
>
> This e-mail may contain confidential and/or privileged information. If
you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in
this
> e-mail is strictly forbidden.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Re: [users@httpd] client side certificates authentication in virtual hosts
Posted by Serge Dubrouski <se...@gmail.com>.
On 11/8/06, Benjamin Cuthbert <be...@db.com> wrote:
>
> All
>
> Can you run two SSL virtual host URLS on the same IP address and have one
> running with no client certificate authentication and one running without
It's possible if having one VirtualHost complaining about wrong Server
Certificate is applicable for you, which I really doubt.
> client authentication. I have tried it and the options
>
> SSLVerifyClient require
> SSLVerifyDepth 1
>
> But when this is enabled on one of the virtual hosts it takes out the other
> virtual host and i am unable to connect.
Most probably you configure both for your VH with the same name. In
this case one of hosts ignored and you always hit the same VH. Or you
have some kind of other mistake in your config. It would be good to
take a look on how you configured them.
>
> Regards
>
> Ben Cuthbert
> Deutsche Bank AG
> Corporate & Investment Bank
> GTO : TISO / Arch Global Finance / Prime Services
> PGP: http://pgp.mit.edu
> +44 (0) 20 754 76389 (Tel)
> +44 (0) 20 754 74996 (Fax)
> ---
>
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] client side certificates authentication in virtual hosts
Posted by Joshua Slive <jo...@slive.ca>.
On 11/8/06, Benjamin Cuthbert <be...@db.com> wrote:
>
> All
>
> Can you run two SSL virtual host URLS on the same IP address and have one
> running with no client certificate authentication and one running without
> client authentication. I have tried it and the options
>
> SSLVerifyClient require
> SSLVerifyDepth 1
>
> But when this is enabled on one of the virtual hosts it takes out the other
> virtual host and i am unable to connect.
When using one IP address, you'll likely have the same problem with
the client certificates that you do with the server certificates: the
certificate must be selected before the hostname is known. So I doubt
this will work.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org