SSL Re-negotiation in conjunction with POST method not supported

Posted on 2006-06-04
Last Modified: 2008-01-09

My problem:
Internet Explorer cannot POST with a client certificate unless I turn on "SSLVerifyClient
optional" in the virtual server container, which is not acceptable, because then ALL users
get prompted for a cert, and not all users will have one. (apache 2.0.58)

I have an SSL virtual server with multiple containers (per Location and per Directory).
All of them require Basic SSL Authentication using username & password from my htpasswd

The would be prompted for username and password and get in.

Then I tried:

which is the <Location /clientAuth> that requires a client certificate using post method then I got this error:

Method Not Allowed
The request method POST is not allowed for the URL /clientAuth/

In my logfile, I see this:

SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate

The ONLY workaround I've been able to find to resolve this reliably on all platforms is to
add a "SSLVerifyClient optional" outside of my Location directives and right in the Virtual
Server container. But then here's the problem for me: by doing that, ALL users will first
get prompted for a cert as soon as they go to the main site: That's
not acceptable, because only a select number of people will have certs. I don't want non-cert
users to get prompted for a cert. They will have to know to hit 'cancel' so the username/password
dialog will come up next.

Thanks for any help given.
Question by:chencc77
    1 Comment
    LVL 10

    Accepted Solution

    Is is possible for you to upgrade to version 2.2.x?

    This bug has been fixed in 2.2, but the fix has not been backported to 2.0.

    There is a fair bit of information here:

    There is an unofficial patch for 2.0.x attached to that bug report if you are feeling adventurous ...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
    If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now