mod ssl

Status
Not open for further replies.

jimberger

Programmer
Jul 5, 2001
222
GB
Hello,

Does anybody know the require statement for securing a part of the webserver with SSL certificates? I have apache with mod ssl running. I know the require statement for organisation, e.g.

<location /secure>
SSLVerifyClient optional
SSLVerifyDepth 1
SSLRequire ( %{SSL_CLIENT_S_DN_O} =~ m/SLB|slb/)
</Location>

However, how do I limit an area just to one person with a certificate? E.g. I have tried

<location /secure>
SSLVerifyClient optional
SSLVerifyDepth 1
SSLRequire ( %{SSL_CLIENT_S_DN_CN} eq "James Robinson 29457")
</Location>

But this doesn't work.

Does anyone know the answer?

please help

jim
 
I don't have the answer, but I do have another mod ssl question. I would like to set my server up for SSL at least for the ecommerce sites. I'm running RedHat 6.1 and I 'think' I can set this up through linuxconf but I don't know how. Neither the RH Linux Bible nor the manuals have anything specific regarding setting up with linuxconf. I've tried most of the linuxconf help sites but haven't located any specific documentation. Has anyone done this and if so, how?
 
Hi,

The SSLRequire looks OK as long as that matches the client name on the certificate but where you have :

SSLVerifyClient optional

it should be

SSLVerifyClient require

On wlwoman's query - the basics of it are that you have to install openssl and then either apache-ssl or mod_ssl. On current redhat versions you'd just install the 'openssl' rpms and then the 'mod_ssl' rpm and do your configuration. However, I don't think that redhat provided rpms for either apache-ssl or mod_ssl in version 6.x. You could get the 7.x mod_ssl rpm if you like but you might have to upgrade a few others too due to the dependencies. Otherwise just get the tarball and roll your own ... There may be some config you can do via linuxconf (not sure) but you still have to install the above bits first.


Regards
 
Thanks ifincham

I tried the SSLVerifyClient require directive but I still get a forbidden error message.

I have also tried using

SSLRequire ( %{SSL_CLIENT_S_DN_CN} =~ m/James Robinson 269457/)

This doesn't work either. Any ideas? Is the SSL_CLIENT_S_DN_CN part correct?

Thanks for your help

jim
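
A diagnostic configuration for the situation discussed in this thread, added here as an example and not posted by any participant: it restricts a location to one certificate CN and logs the subject fields mod_ssl extracted, so a 403 from SSLRequire can be compared with what the certificate really contains. The file paths, the log name and the CN "Example User 0001" are constructed placeholders.

```apache
# Added example, not from the thread. Paths and the CN value are placeholders.

# CA certificate that issued the client certificates (server or vhost context).
SSLCACertificateFile /path/to/client-ca.crt

# Per-request record of the verification result and the subject fields
# mod_ssl extracted from the client certificate.
CustomLog logs/ssl_client_log "%t %h \"%r\" %>s verify=%{SSL_CLIENT_VERIFY}x dn=\"%{SSL_CLIENT_S_DN}x\" cn=\"%{SSL_CLIENT_S_DN_CN}x\""

<Location /secure>
    # A client certificate is mandatory. With "optional", a client that
    # sends no certificate reaches SSLRequire with an empty CN and gets 403.
    SSLVerifyClient require
    # The client certificate must be issued directly by a CA the server knows.
    SSLVerifyDepth 1
    # Exact, case-sensitive comparison against the CN in the certificate subject.
    SSLRequire %{SSL_CLIENT_S_DN_CN} eq "Example User 0001"
</Location>
```

After a failed request, the `cn=` field in the log line shows the exact string the `eq` comparison has to match, and `verify=` shows whether a certificate was presented and accepted at all.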
 