Posted to users@httpd.apache.org by Buddy wu <ej...@gmail.com> on 2009/04/29 04:06:24 UTC

[users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

I use Apache with SSL and require a client cert. How do I let the user know he
should request a cert? Now when a person without a cert accesses the site, it
only appears that "the site can't be displayed, maybe network problem".
How do I give a hint to the user that he should use a cert to access this cert?

Re: [users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

Posted by Buddy wu <ej...@gmail.com>.
2009/4/30 Eric Covener <co...@gmail.com>

> On Wed, Apr 29, 2009 at 8:54 PM, Buddy wu <ej...@gmail.com> wrote:
> > en, but it doesn't respond with an HTTP response error code, not like 404 or
> > 5000 or the like. It is just like the network is broken.
>
> Try making it optional, and use mod_rewrite to peek at the client DN
> and redirect to a pseudo-error page.

en, I'm not clear about how to do it. But in the case of using optional, the user
can access the site without a certificate, can't he? It is not my idea.

-- 
blog <http://eye4china.buddub.com>

Re: [users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

Posted by Eric Covener <co...@gmail.com>.
On Wed, Apr 29, 2009 at 8:54 PM, Buddy wu <ej...@gmail.com> wrote:
> en, but it doesn't respond with an HTTP response error code, not like 404 or
> 5000 or the like. It is just like the network is broken.

Try making it optional, and use mod_rewrite to peek at the client DN
and redirect to a pseudo-error page.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
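
One way to configure the "optional plus mod_rewrite" suggestion above, as an added example that is not part of the original post. The hostname, file paths and /cert-required.html are placeholders, and it tests mod_ssl's SSL_CLIENT_VERIFY variable rather than the DN string itself.

```apache
# Added example: hostname, file paths and /cert-required.html are placeholders.
<VirtualHost *:443>
    ServerName secure.example.org
    DocumentRoot "/var/www/secure"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"

    # CA that issued the client certificates.
    SSLCACertificateFile  "/etc/ssl/example/client-ca.crt"
    SSLVerifyDepth 1

    # "optional": ask for a certificate during the handshake, but let the
    # handshake complete without one so Apache can answer over HTTP.
    SSLVerifyClient optional

    RewriteEngine On
    # SSL_CLIENT_VERIFY is SUCCESS only when a certificate was presented and
    # verified against the CA above; it is NONE when the client sent none.
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
    # Let the hint page itself through, otherwise the redirect loops.
    # The page must be self-contained: its images and CSS would be redirected too.
    RewriteCond %{REQUEST_URI} !=/cert-required.html
    RewriteRule ^ /cert-required.html [R=302,L]
</VirtualHost>
```

With this rule in place a client without a verified certificate can reach only /cert-required.html; every other URL is redirected to it, so "optional" does not open the rest of the site.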


Re: [users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

Posted by Buddy wu <ej...@gmail.com>.
en, but it doesn't respond with an HTTP response error code, not like 404 or
5000 or the like. It is just like the network is broken.

2009/4/29 Krist van Besien <kr...@gmail.com>

> On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ej...@gmail.com> wrote:
> > I use Apache with SSL and require a client cert. How do I let the user know he
> > should request a cert? Now when a person without a cert accesses the site, it
> > only appears that "the site can't be displayed, maybe network problem".
> > How do I give a hint to the user that he should use a cert to access this cert?
>
> Use a custom error page.
>
> Krist
>
> --
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?

Re: [users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

Posted by Buddy wu <ej...@gmail.com>.
2009/4/30 Sean Conner <sp...@conman.org>

> It was thus said that the Great Krist van Besien once stated:
> > On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ej...@gmail.com> wrote:
> > > I use Apache with SSL and require a client cert. How do I let the user know he
> > > should request a cert? Now when a person without a cert accesses the site, it
> > > only appears that "the site can't be displayed, maybe network problem".
> > > How do I give a hint to the user that he should use a cert to access this cert?
> >
> > Use a custom error page.
>
>   That won't work.  The error Buddy is getting is happening at a lower level
> as SSL is trying to negotiate a secure channel.  On Firefox 2, I get a
> rather terse pop-up box with what looks like a random number on it.  Firefox
> 3 gives a bit more information, but that's the client.  And Apache won't log
> a request since no request has been sent.
>
>  Your best bet is to have the protected content a bit lower in the site.
> For instance, my own secure site:
>
>        https://secure.conman.org/
>
>  is visible to all.  The critical stuff, the stuff that's protected by
> client certificates, appears under:
>
>        https://secure.conman.org/library/
>
>  That's about the best you can do at this point in time.
>
>  -spc
>
>
en, after trying a few times, I found you're right. It depends on the browser
the user uses. IE, for example, will pop up a dialog to inform you that it needs a
certificate to go forward, but Chrome can't. (I didn't try Firefox.) Even when I
installed the certificate on the computer, Chrome still can't access the
site.




-- 
blog <http://eye4china.buddub.com>

Re: [users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

Posted by Sean Conner <sp...@conman.org>.
It was thus said that the Great Krist van Besien once stated:
> On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ej...@gmail.com> wrote:
> > I use Apache with SSL and require a client cert. How do I let the user know he
> > should request a cert? Now when a person without a cert accesses the site, it
> > only appears that "the site can't be displayed, maybe network problem".
> > How do I give a hint to the user that he should use a cert to access this cert?
> 
> Use a custom error page.

  That won't work.  The error Buddy is getting is happening at a lower level
as SSL is trying to negotiate a secure channel.  On Firefox 2, I get a
rather terse pop-up box with what looks like a random number on it.  Firefox
3 gives a bit more information, but that's the client.  And Apache won't log
a request since no request has been sent.  

  Your best bet is to have the protected content a bit lower in the site. 
For instance, my own secure site:

	https://secure.conman.org/

  is visible to all.  The critical stuff, the stuff that's protected by
client certificates, appears under:

	https://secure.conman.org/library/

  That's about the best you can do at this point in time.

  -spc
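
The layout described above (public site root, client certificates required only under /library/), as an added configuration example that is not taken from the original post or from the poster's server. The hostname and file paths are placeholders; /library/ is the path named in the post.

```apache
# Added example: hostname and file paths are placeholders.
<VirtualHost *:443>
    ServerName secure.example.org
    DocumentRoot "/var/www/secure"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"
    SSLCACertificateFile  "/etc/ssl/example/client-ca.crt"

    # No certificate is requested for the site root, so the landing page
    # always loads and can explain how to obtain and install a certificate.
    SSLVerifyClient none

    <Location "/library/">
        # Requested only when a URL under /library/ is asked for. A client
        # without a valid certificate fails in the TLS layer here, so it
        # still sees the browser's own error rather than an Apache page.
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Location>
</VirtualHost>
```

Switching from none to require inside a Location makes mod_ssl renegotiate on the already-open connection once the request has been read. Under TLS 1.3 this relies on post-handshake authentication, which the client must support.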




Re: [users@httpd] how to PROMPT the user who accesses the site that we ask for a client certificate

Posted by Krist van Besien <kr...@gmail.com>.
On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ej...@gmail.com> wrote:
> I use Apache with SSL and require a client cert. How do I let the user know he
> should request a cert? Now when a person without a cert accesses the site, it
> only appears that "the site can't be displayed, maybe network problem".
> How do I give a hint to the user that he should use a cert to access this cert?

Use a custom error page.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
