Posted to users@httpd.apache.org by Bill Tangren <bj...@aa.usno.navy.mil> on 2006/11/28 20:38:22 UTC

[users@httpd] apache client authentication problem (somewhat long)

I posted this on the Redhat Enterprise Linux 4 (Nahant) list, but I didn't get 
sufficient help to solve my problem, so I'm trying here. I apologize in advance 
if any of you have seen this before.



I am having a problem with client authentication with apache and openssl. I have 
been ordered to get this working, or I will have to be shut down. I think this 
is a complex problem (because my web site is somewhat complex, at least for me) 
but I will try to simplify it as much as possible.

I am trying to set up a test directory that requires client authentication, 
while the parent directory (which is used for web email) does not. I also have 
non-encrypted web sites, and that may be what is bollixing up this process, I 
don't know.

When I use Internet Explorer to access this test directory, I am successfully 
presented with the certificate, and required to provide my client certificate. 
After I do so, however, I get a

"The page cannot be displayed. The page is currently unavailable..."

Nothing shows up in /var/log/httpd/ssl_error_log, or in 
/var/log/httpd/ssl_access_log. However, /var/log/httpd/webmail_error_log shows this:

[Wed Nov 22 11:00:56 2006] [error] Certificate Verification: Error (20): unable 
to get local issuer certificate
[Wed Nov 22 11:00:56 2006] [error] Re-negotiation handshake failed: Not accepted 
by client!?

/var/log/httpd/webmail_access_log indicates an apache 103 error:

schwarzschild.usno.navy.mil - - [22/Nov/2006:11:00:55 -0500] "GET /pkitest/ 
HTTP/1.0" 103 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; 
.NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)"

I've never heard of a 103 error. The apache error codes seem to start in the 
200's (http://bignosebird.com/apache/a5.shtml).

Googling comes up with this:

<http://www.mail-archive.com/modssl-users@modssl.org/msg17064.html>

which indicated a number of things, which I tried without success.

Googling on the renegotiation handshake error yielded quite a bit on use of 
KeepAlive, but I don't use it, and turning it on didn't help.

There are other, simpler, web sites here at work that only have this client 
authentication, and they were able to implement it without trouble. They are, 
however, on a fedora core 5 system running apache 2.2.x.

I run httpd-2.0.52-28 and openssl-0.9.7a-43.14 on a RHEL ES 4 system. My 
*httpd.conf* contains (in part)

<VirtualHost aa.usno.navy.mil:443>
    ServerAdmin bjt@aa.usno.navy.mil
    ServerName aa.usno.navy.mil
    ErrorLog /var/log/httpd/webmail_error_log
    CustomLog /var/log/httpd/webmail_access_log combined
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/AA_PKI.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/AA_PKI.key
    SSLCACertificateFile  /etc/httpd/conf/ssl.crt/root.crt
    SSLVerifyClient none

    <Files ~ "\.(cgi|shtml)$">
       SSLOptions +StdEnvVars
    </Files>

    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    <Directory "/var/www/cgi-bin">
       SSLOptions +StdEnvVars
       AllowOverride None
       Options None
       Order allow,deny
       Allow from all
    </Directory>

    <Directory "/var/www/html/pkitest">
       Options Indexes FollowSymLinks MultiViews Includes
       AllowOverride None
       Order allow,deny
       Allow from all
       SSLRequireSSL
       SSLVerifyClient require
       SSLVerifyDepth 10
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0
    CustomLog /etc/httpd/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x \
       %{SSL_CIPHER}x \"%r\" %b"

    DocumentRoot /var/www/html
    <Directory "/var/www">
       Options -Indexes FollowSymLinks MultiViews Includes
       AllowOverride None
       Order allow,deny
       Allow from all
    </Directory>
    Alias /webmail /usr/share/squirrelmail
</VirtualHost>


My *ssl.conf* contains

LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:443>

ServerName aa.usno.navy.mil:443
ServerAdmin bjt@aa.usno.navy.mil
RewriteEngine on
RewriteRule ^https://aa/$ https://aa.usno.navy.mil/
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/AA_PKI.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/AA_PKI.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLVerifyClient optional
SSLVerifyDepth  10
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
     SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Can anyone help?

TIA,

Bill Tangren



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] apache client authentication problem (somewhat long)

Posted by Serge Dubrouski <se...@gmail.com>.
So you have a bunch of .cer files. Then you have to use
SSLCACertificatePath and links with hashes as names. It can't be just
one file with one certificate unless all your clients have
certificates signed by one CA.

On 11/28/06, Bill Tangren <bj...@aa.usno.navy.mil> wrote:
> Serge Dubrouski wrote:
> > Your client submits certificate signed by CA which certificate you
> > don't have in your SSLCACertificatePath. Actually it looks like you
> > incorrectly configured it. You have:
> >
> > SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
> > SSLCACertificatePath /etc/httpd/conf/ssl.crt
> >
> > You should use just one of those options. If you use
> > SSLCACertificateFile your file (stacked pem) should have certificates
> > for all CAs that issue certificates for your clients. If you use
> > SSLCACertificatePath place all certs into that directory and create
> > links like it's described here:
> >
> > http://www.redhat.com/docs/manuals/stronghold/Stronghold-4.0-Manual/SH4_HTML/authenc.html
> >
> >
> >
>
>
> OK, I've read that. I may be stuck on this line:
>
> 1: # Make sure the new CA certificate is in PEM format.
>
> The CA's I obtained from a very user-hostile web site. It listed each CA
> separately (like CA-12, CA-13, etc.), and allowed me to view the certificates,
> or download them. If you download them, I am given .cer files. If you view them,
> I am given a lot of text in between a -----BEGIN CERTIFICATE----- and an
> -----END CERTIFICATE-----, as well as the certificate contents in readable form.
> I don't know what .cer files are, except googling indicates they may be
> something that Microsoft uses, as MS has a utility that reads them, and will
> install the certificate. I copied each text certificate and concatenated them
> into a single root.crt file.
>
> This link:
>
> http://ospkibook.sourceforge.net/docs/OSPKI-2.4.6/OSPKI/sample-ca-cert.htm
>
> seems to indicate that what I did was correct.
>
> Also, removing the SSLCACertificatePath line in ssl.conf does not help.
>
> I have an emailed copy of another server's root.crt file, from a site that has
> this working, and I STILL get these errors. I had copied his ssl.conf as well.
> He used both lines given above.
>
> Thanks for responding.
>
> Any other ideas?


Re: [users@httpd] apache client authentication problem (somewhat long)

Posted by Serge Dubrouski <se...@gmail.com>.
On 11/28/06, Bill Tangren <bj...@aa.usno.navy.mil> wrote:
> Serge Dubrouski wrote:
> > Your client submits certificate signed by CA which certificate you
> > don't have in your SSLCACertificatePath. Actually it looks like you
> > incorrectly configured it. You have:
> >
> > SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
> > SSLCACertificatePath /etc/httpd/conf/ssl.crt
> >
> > You should use just one of those options. If you use
> > SSLCACertificateFile your file (stacked pem) should have certificates
> > for all CAs that issue certificates for your clients. If you use
> > SSLCACertificatePath place all certs into that directory and create
> > links like it's described here:
> >
> > http://www.redhat.com/docs/manuals/stronghold/Stronghold-4.0-Manual/SH4_HTML/authenc.html
> >
> >
> >
>
>
> OK, I've read that. I may be stuck on this line:
>
> 1: # Make sure the new CA certificate is in PEM format.
>
> The CA's I obtained from a very user-hostile web site. It listed each CA
> separately (like CA-12, CA-13, etc.), and allowed me to view the certificates,
> or download them. If you download them, I am given .cer files. If you view them,
> I am given a lot of text in between a -----BEGIN CERTIFICATE----- and an
> -----END CERTIFICATE-----, as well as the certificate contents in readable form.
> I don't know what .cer files are, except googling indicates they may be
> something that Microsoft uses, as MS has a utility that reads them, and will
> install the certificate. I copied each text certificate and concatenated them
> into a single root.crt file.
>
> This link:
>
> http://ospkibook.sourceforge.net/docs/OSPKI-2.4.6/OSPKI/sample-ca-cert.htm
>
> seems to indicate that what I did was correct.
>
> Also, removing the SSLCACertificatePath line in ssl.conf does not help.
>
> I have an emailed copy of another server's root.crt file, from a site that has
> this working, and I STILL get these errors. I had copied his ssl.conf as well.
> He used both lines given above.

And that's not a problem with your server certificate. That's a
problem with client certificates. You have to have certs for CAs that
issued client certificates.

>
> Thanks for responding.
>
> Any other ideas?


Re: [users@httpd] apache client authentication problem (somewhat long)

Posted by Kenneth Svee <k....@usit.uio.no>.
[ Bill Tangren ]

> Serge Dubrouski wrote:
>> Your client submits certificate signed by CA which certificate you
>> don't have in your SSLCACertificatePath. Actually it looks like you
>> incorrectly configured it. You have:
>> SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
>> SSLCACertificatePath /etc/httpd/conf/ssl.crt
>> You should use just one of those options. If you use
>> SSLCACertificateFile your file (stacked pem) should have certificates
>> for all CAs that issue certificates for your clients. If you use
>> SSLCACertificatePath place all certs into that directory and create
>> links like it's described here:
>> http://www.redhat.com/docs/manuals/stronghold/Stronghold-4.0-Manual/SH4_HTML/authenc.html
>
>
> OK, I've read that. I may be stuck on this line:
>
> 1: # Make sure the new CA certificate is in PEM format.
>
> The CA's I obtained from a very user-hostile web site. It listed
> each CA separately (like CA-12, CA-13, etc.), and allowed me to view
> the certificates, or download them. If you download them, I am given
> .cer files. If you view them, I am given a lot of text in between a
> -----BEGIN CERTIFICATE----- and an -----END CERTIFICATE-----, as
> well as the certificate contents in readable form. I don't know what
> .cer files are, except googling indicates they may be something that
> Microsoft uses, as MS has a utility that reads them, and will
> install the certificate. I copied each text certificate and
> concatenated them into a single root.crt file.

.cer seems like another shortname for "certificate", like ".crt". The
CA-cert /most probably/ is in the PEM format.

You've got the client certs (.crt?)? Try using OpenSSL to view what's
in them:

  bash# openssl x509 -text -in <client.crt>

You can even grep out the issuer (CA) to see which CA-cert you need to
verify the client certificate:

  bash# openssl x509 -text -in <client.crt> | grep Issuer

The OU should give you some idea of the correct CA-cert you need. You
might be lucky and have some more info in the X509v3-extensions that
give you a URL to the CA-cert itself.

You can try dumping the CA-cert with the same OpenSSL-commands.

When you have the CA-cert that signed the client-cert, point to it in
your httpd.conf with the SSLCACertificateFile-directive (if you need
no more than this one CA-cert for your server). See docs for more
info.

The whole dealio is that the webserver needs the exact CA-cert that
signed the client-cert to verify the clients.


Rgds,
Kenneth Svee
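
Added example, not part of the original posts: a self-contained lab that reproduces the "Error (20): unable to get local issuer certificate" from the log and shows the two trust-store layouts discussed in this thread (stacked PEM file, hash-linked directory). The CA and client names are constructed, and `openssl verify` stands in for mod_ssl's client check on the assumption that both use the same OpenSSL CA file/directory lookup.

```sh
#!/bin/sh
# Added example. Everything here is constructed: "Lab CA-12", "Lab CA-13" and
# "lab-client" are throwaway names, and all keys are generated locally.

make_lab() {                       # $1 = empty work directory
    mkdir -p "$1/capath" || return 1
    for ca in CA-12 CA-13; do      # two self-signed CAs
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/O=Lab/OU=PKI/CN=Lab $ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    # Client certificate issued by CA-13 only.
    openssl req -newkey rsa:2048 -nodes -subj "/O=Lab/OU=Users/CN=lab-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/client.csr" -CA "$1/CA-13.pem" \
        -CAkey "$1/CA-13.key" -set_serial 1 -days 2 \
        -out "$1/client.crt" 2>/dev/null || return 1
}

# Print "OK", "error 20" (unable to get local issuer certificate) or the raw
# output. $1 is -CAfile or -CApath, $2 the bundle or directory, $3 the cert.
verify_result() {
    out=$(openssl verify "$1" "$2" "$3" 2>&1)
    case $out in
        *"error 20 "*) echo "error 20" ;;
        *": OK"*)      echo "OK" ;;
        *)             echo "other: $out" ;;
    esac
}

# Print which candidate CA file has the subject the certificate names as its
# issuer. A name-hash match only; verify_result confirms the signature.
find_issuer() {                    # $1 = cert, remaining args = CA PEM files
    want=$(openssl x509 -noout -issuer_hash -in "$1") || return 1
    shift
    for ca in "$@"; do
        got=$(openssl x509 -noout -subject_hash -in "$ca") || continue
        [ "$got" = "$want" ] && { echo "$ca"; return 0; }
    done
    return 1
}

# Create the <subject-hash>.0 link that a hashed CA directory lookup needs.
link_ca() {                        # $1 = PEM file already inside the directory
    h=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    ln -sf "$(basename "$1")" "$(dirname "$1")/$h.0"
}

LAB=$(mktemp -d) || exit 1
trap 'rm -rf "$LAB"' EXIT
make_lab "$LAB" || { echo "openssl setup failed" >&2; exit 1; }

openssl x509 -noout -issuer -in "$LAB/client.crt"
echo "signing CA file:            $(find_issuer "$LAB/client.crt" "$LAB"/CA-*.pem)"

echo "CA file without the issuer: $(verify_result -CAfile "$LAB/CA-12.pem" "$LAB/client.crt")"
cat "$LAB/CA-12.pem" "$LAB/CA-13.pem" > "$LAB/root.crt"   # stacked PEM
echo "stacked root.crt:           $(verify_result -CAfile "$LAB/root.crt" "$LAB/client.crt")"

cp "$LAB/CA-13.pem" "$LAB/capath/"
echo "CA dir, PEM but no link:    $(verify_result -CApath "$LAB/capath" "$LAB/client.crt")"
link_ca "$LAB/capath/CA-13.pem"
echo "CA dir after hash link:     $(verify_result -CApath "$LAB/capath" "$LAB/client.crt")"
```

Against a real deployment, the same `verify_result` call with the server's CA file and a copy of the client certificate shows whether the issuing CA is actually in the trust store before Apache is involved.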



Re: [users@httpd] apache client authentication problem (somewhat long)

Posted by Bill Tangren <bj...@aa.usno.navy.mil>.
Serge Dubrouski wrote:
> Your client submits certificate signed by CA which certificate you
> don't have in your SSLCACertificatePath. Actually it looks like you
> incorrectly configured it. You have:
> 
> SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
> SSLCACertificatePath /etc/httpd/conf/ssl.crt
> 
> You should use just one of those options. If you use
> SSLCACertificateFile your file (stacked pem) should have certificates
> for all CAs that issue certificates for your clients. If you use
> SSLCACertificatePath place all certs into that directory and create
> links like it's described here:
> 
> http://www.redhat.com/docs/manuals/stronghold/Stronghold-4.0-Manual/SH4_HTML/authenc.html 
> 
> 
> 


OK, I've read that. I may be stuck on this line:

1: # Make sure the new CA certificate is in PEM format.

The CA's I obtained from a very user-hostile web site. It listed each CA 
separately (like CA-12, CA-13, etc.), and allowed me to view the certificates, 
or download them. If you download them, I am given .cer files. If you view them, 
I am given a lot of text in between a -----BEGIN CERTIFICATE----- and an 
-----END CERTIFICATE-----, as well as the certificate contents in readable form. 
I don't know what .cer files are, except googling indicates they may be 
something that Microsoft uses, as MS has a utility that reads them, and will 
install the certificate. I copied each text certificate and concatenated them 
into a single root.crt file.

This link:

http://ospkibook.sourceforge.net/docs/OSPKI-2.4.6/OSPKI/sample-ca-cert.htm

seems to indicate that what I did was correct.

Also, removing the SSLCACertificatePath line in ssl.conf does not help.

I have an emailed copy of another server's root.crt file, from a site that has
this working, and I STILL get these errors. I had copied his ssl.conf as well. 
He used both lines given above.

Thanks for responding.

Any other ideas?





Re: [users@httpd] apache client authentication problem (somewhat long)

Posted by Serge Dubrouski <se...@gmail.com>.
Your client submits certificate signed by CA which certificate you
don't have in your SSLCACertificatePath. Actually it looks like you
incorrectly configured it. You have:

SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt

You should use just one of those options. If you use
SSLCACertificateFile your file (stacked pem) should have certificates
for all CAs that issue certificates for your clients. If you use
SSLCACertificatePath place all certs into that directory and create
links like it's described here:

http://www.redhat.com/docs/manuals/stronghold/Stronghold-4.0-Manual/SH4_HTML/authenc.html





On 11/28/06, Bill Tangren <bj...@aa.usno.navy.mil> wrote:
> I posted this on the Redhat Enterprise Linux 4 (Nahant) list, but I didn't get
> sufficient help to solve my problem, so I'm trying here. I apologize in advance
> if any of you have seen this before.
>
>
>
> I am having a problem with client authentication with apache and openssl. I have
> been ordered to get this working, or I will have to be shut down. I think this
> is a complex problem (because my web site is somewhat complex, at least for me)
> but I will try to simplify it as much as possible.
>
> I am trying to set up a test directory that requires client authentication,
> while the parent directory (which is used for web email) does not. I also have
> non-encrypted web sites, and that may be what is bollixing up this process, I
> don't know.
>
> When I use Internet Explorer to access this test directory, I am successfully
> presented with the certificate, and required to provide my client certificate.
> After I do so, however, I get a
>
> "The page cannot be displayed. The page is currently unavailable..."
>
> Nothing shows up in /var/log/httpd/ssl_error_log, or in
> /var/log/httpd/ssl_access_log. However, /var/log/httpd/webmail_error_log shows this:
>
> [Wed Nov 22 11:00:56 2006] [error] Certificate Verification: Error (20): unable
> to get local issuer certificate
> [Wed Nov 22 11:00:56 2006] [error] Re-negotiation handshake failed: Not accepted
> by client!?
>
> /var/log/httpd/webmail_access_log indicates an apache 103 error:
>
> schwarzschild.usno.navy.mil - - [22/Nov/2006:11:00:55 -0500] "GET /pkitest/
> HTTP/1.0" 103 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
> .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)"
>
> I've never heard of a 103 error. The apache error codes seem to start in the
> 200's (http://bignosebird.com/apache/a5.shtml).
>
> Googling comes up with this:
>
> <http://www.mail-archive.com/modssl-users@modssl.org/msg17064.html>
>
> which indicated a number of things, which I tried without success.
>
> Googling on the renegotiation handshake error yielded quite a bit on use of
> KeepAlive, but I don't use it, and turning it on didn't help.
>
> There are other, simpler, web sites here at work that only have this client
> authentication, and they were able to implement it without trouble. They are,
> however, on a fedora core 5 system running apache 2.2.x.
>
> I run httpd-2.0.52-28 and openssl-0.9.7a-43.14 on a RHEL ES 4 system. My
> *httpd.conf* contains (in part)
>
> <VirtualHost aa.usno.navy.mil:443>
>     ServerAdmin bjt@aa.usno.navy.mil
>     ServerName aa.usno.navy.mil
>     ErrorLog /var/log/httpd/webmail_error_log
>     CustomLog /var/log/httpd/webmail_access_log combined
>     TransferLog /var/log/httpd/access_log
>     SSLEngine on
>     SSLCertificateFile    /etc/httpd/conf/ssl.crt/AA_PKI.crt
>     SSLCertificateKeyFile /etc/httpd/conf/ssl.key/AA_PKI.key
>     SSLCACertificateFile  /etc/httpd/conf/ssl.crt/root.crt
>     SSLVerifyClient none
>
>     <Files ~ "\.(cgi|shtml)$">
>        SSLOptions +StdEnvVars
>     </Files>
>
>     ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>     <Directory "/var/www/cgi-bin">
>        SSLOptions +StdEnvVars
>        AllowOverride None
>        Options None
>        Order allow,deny
>        Allow from all
>     </Directory>
>
>     <Directory "/var/www/html/pkitest">
>        Options Indexes FollowSymLinks MultiViews Includes
>        AllowOverride None
>        Order allow,deny
>        Allow from all
>        SSLRequireSSL
>        SSLVerifyClient require
>        SSLVerifyDepth 10
>     </Directory>
>
>     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
>        downgrade-1.0 force-response-1.0
>     CustomLog /etc/httpd/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x \
>        %{SSL_CIPHER}x \"%r\" %b"
>
>     DocumentRoot /var/www/html
>     <Directory "/var/www">
>        Options -Indexes FollowSymLinks MultiViews Includes
>        AllowOverride None
>        Order allow,deny
>        Allow from all
>     </Directory>
>     Alias /webmail /usr/share/squirrelmail
> </VirtualHost>
>
>
> My *ssl.conf* contains
>
> LoadModule ssl_module modules/mod_ssl.so
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> SSLPassPhraseDialog  builtin
> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex default
> SSLRandomSeed startup file:/dev/urandom  256
> SSLRandomSeed connect builtin
> SSLCryptoDevice builtin
>
> <VirtualHost _default_:443>
>
> ServerName aa.usno.navy.mil:443
> ServerAdmin bjt@aa.usno.navy.mil
> RewriteEngine on
> RewriteRule ^https://aa/$ https://aa.usno.navy.mil/
> ErrorLog logs/ssl_error_log
> TransferLog logs/ssl_access_log
> LogLevel warn
> SSLEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateFile /etc/httpd/conf/ssl.crt/AA_PKI.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/AA_PKI.key
> SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt
> SSLCACertificatePath /etc/httpd/conf/ssl.crt
> SSLVerifyClient optional
> SSLVerifyDepth  10
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>      SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
>      SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
>           nokeepalive ssl-unclean-shutdown \
>           downgrade-1.0 force-response-1.0
> CustomLog logs/ssl_request_log \
>            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
> Can anyone help?
>
> TIA,
>
> Bill Tangren