Posted to users@httpd.apache.org by Sean Conner <sp...@conman.org> on 2009/04/30 10:44:59 UTC

Re: [users@httpd] how to PROMT the user who access the site that we ask for a client certificat

It was thus said that the Great Krist van Besien once stated:
> On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ej...@gmail.com> wrote:
> > I use apache with ssl and require client cert. how to let the user know he
> > should request a cert? now when a person without a cert accesses the site, it
> > only appears that "the site can't be displayed, maybe network problem"
> > how to give a hint to user, he should use a cert to access this cert
> 
> Use a custom error page.

  That won't work.  The error Buddy is getting is happening at a lower level
as SSL is trying to negotiate a secure channel.  On Firefox 2, I get a
rather terse pop-up box with what looks like a random number on it.  Firefox
3 gives a bit more information, but that's the client.  And Apache won't log
a request since no request has been sent.  

  Your best bet is to have the protected content a bit lower in the site. 
For instance, my own secure site:

	https://secure.conman.org/

  is visible to all.  The critical stuff, the stuff that's protected by
client certificates, appears under:

	https://secure.conman.org/library/

  That's about the best you can do at this point in time.

  -spc


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
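
The layout Sean describes, as an added mod_ssl configuration sketch that is not part of the original thread: the virtual host itself asks for no client certificate, and only the protected subtree requires one. The host name, file paths and verify depth are assumptions for illustration; `/library/` is the path from the message above.

```apache
# Added example, not from the original thread. Host name and file paths are hypothetical.
<VirtualHost *:443>
    ServerName secure.example.org
    DocumentRoot "/var/www/secure"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/example/server.crt"
    SSLCertificateKeyFile "/etc/ssl/example/server.key"

    # CA certificate used to verify client certificates (assumed single issuing CA).
    SSLCACertificateFile  "/etc/ssl/example/client-ca.crt"

    # Public part of the site: the handshake does not ask for a client
    # certificate, so every visitor can load the front page, which is
    # where the "you need a certificate for /library/" hint belongs.
    SSLVerifyClient none

    # Protected part: a valid client certificate is demanded only here.
    # A visitor without one still gets the browser's own handshake error,
    # and Apache still has no completed request to answer with an error page.
    <Location "/library/">
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Location>
</VirtualHost>
```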


Re: [users@httpd] how to PROMT the user who access the site that we ask for a client certificat

Posted by Buddy wu <ej...@gmail.com>.
2009/4/30 Sean Conner <sp...@conman.org>

> It was thus said that the Great Krist van Besien once stated:
> > On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ej...@gmail.com> wrote:
> > > I use apache with ssl and require client cert. how to let the user know he
> > > should request a cert? now when a person without a cert accesses the site, it
> > > only appears that "the site can't be displayed, maybe network problem"
> > > how to give a hint to user, he should use a cert to access this cert
> >
> > Use a custom error page.
>
>   That won't work.  The error Buddy is getting is happening at a lower level
> as SSL is trying to negotiate a secure channel.  On Firefox 2, I get a
> rather terse pop-up box with what looks like a random number on it.  Firefox
> 3 gives a bit more information, but that's the client.  And Apache won't log
> a request since no request has been sent.
>
>  Your best bet is to have the protected content a bit lower in the site.
> For instance, my own secure site:
>
>        https://secure.conman.org/
>
>  is visible to all.  The critical stuff, the stuff that's protected by
> client certificates, appears under:
>
>        https://secure.conman.org/library/
>
>  That's about the best you can do at this point in time.
>
>  -spc
>
>
Hmm, after trying a few times, I found you're right. It's based on which
browser the user used. Like IE, it will pop up a dialog to inform that it needs
a certificate to go forward. But Chrome can't. (I didn't try Firefox.) Even
though I installed the certificate on the computer, Chrome also can't access
the site.




-- 
blog <http://eye4china.buddub.com>