Date: Thu, 28 Aug 1997 20:35:12 -0400 From: Chris Shenton <cshenton@it.hq.nasa.gov> To: questions@freebsd.org Subject: apache-ssl -- can't verify cert (MORE) Message-ID: <199708290035.AAA28163@wirehead.it.hq.nasa.gov>
next in thread | raw e-mail | index | archive | help
I forgot to mention: although the apache-ssl server cannot verify the
client cert, it *will* do SSL between client and server.
I tell the client not to return to the server one of my client
certs. The server is configured in httpd.conf with:
# Set SSLVerifyClient to:
# 0 if no certicate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
# have a valid CA
SSLVerifyClient 3
So it doesn't require the client to submit one. Hummm... #1 requires a
valid CA, but #3 does not. So I really don't know why it fails me when
it can't verify the client cert.
This means that a majority of the SSL is working fine -- that it
simply cannot validate the client's cert.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708290035.AAA28163>