[4243] in WWW Security List Archive


Re: Apache-SSL Access Control

daemon@ATHENA.MIT.EDU (Roberto Galoppini)
Mon Feb 3 15:06:56 1997

Date: Mon, 03 Feb 1997 10:40:18 +0100
From: Roberto Galoppini <rgaloppini@tim.it>
Reply-To: rgaloppini@tim.it
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Jorge Figueiredo wrote:
> 
> My problem is this:
> 
> I am running an Apache-SSL server,
> I want to let new visitors access some pages in my server without having to
> present a certificate, for example the pages where they ask for one. On the
> other hand, I want to have directories where only certified clients are allowed.
> If I set SSLVerifyClient to 2 and use SSLFakeBasicAuth the part of allowing
> only certified clients works great, but clients without certificate can't
> get to ask for one. If I set SSLVerifyClient to 1 it works just like set to 2,
> not allowing uncertified clients. If I set SSLVerifyClient to 0 it allows
> uncertified clients to ask for their certificate, but SSLFakeBasicAuth
> doesn't work because the client never presents its certificate to the server!
> 
> Do you have any idea?

Yes, a pretty silly one.
Why don't you use a 'welcome' page where you put a URL to get a
certificate (just in case the user didn't get any) and another
URL to access the privileged space. Uh?
I hope it helps,
Roberto Galoppini
rgaloppini@tim.it
"Speak, friend, and enter"
