Skip to Content.
Sympa Menu

cacert-sysadm - Re: https unintuitave client side error messages

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: https unintuitave client side error messages


Chronological Thread 
  • From: Bernhard Fröhlich EDU <education AT cacert.org>
  • To: Daniel Black <daniel AT cacert.org>
  • Cc: cacert-sysadm AT lists.cacert.org
  • Subject: Re: https unintuitave client side error messages
  • Date: Mon, 27 Apr 2009 23:37:16 +0200
  • Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none

Daniel Black schrieb:
Bernhard,

There's been two support requests to the public support list in a week. Can this change be made to reduce support effort?

https://lists.cacert.org/wws/arc/cacert-support/2009-04/msg00171.html
https://lists.cacert.org/wws/arc/cacert-support/2009-04/msg00096.html
Have the problems reported by Wytze been verified or solved? Currently I don't have much time for tests and I'd hate to do a hasty job here, resulting in even more work for support...

Ted

Ok,

I've tested it properly. The following directives are needed after enabling
mod_rewrite.

RewriteEngine        on
RewriteCond     %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule     .? - [F]
ErrorDocument 403 "You need a client side certificate to access this site"

Then change 'SSLVerifyClient" to "optional'

I suggest this be used for https://cats.cacert.org and
https://secure.cacert.org.

Test here if you want https://community.cacert.org/test/

Daniel Black
--
Email/List Administrator
CAcert


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.16.

Top of Page