chencc77
asked on
SSL Re-negotiation in conjunction with POST method not supported
Hello,
My problem:
Internet Explorer cannot POST with a client certificate unless I turn on "SSLVerifyClient
optional" in the virtual server container, which is not acceptable, because then ALL users
get prompted for a cert, and not all users will have one. (Apache 2.0.58)
I have an SSL virtual server with multiple containers (per Location and per Directory).
All of them require Basic SSL Authentication using username & password from my htpasswd
file.
https://www.mydomain.com
They would be prompted for username and password and get in.
Then I tried:
https://www.mydomain.com/clientAuth
which is the <Location /clientAuth> that requires a client certificate, using the POST method, and then I got this error:
Method Not Allowed
The request method POST is not allowed for the URL /clientAuth/test.do
In my logfile, I see this:
SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate
The ONLY workaround I've been able to find to resolve this reliably on all platforms is to
add a "SSLVerifyClient optional" outside of my Location directives and right in the Virtual
Server container. But then here's the problem for me: by doing that, ALL users will first
get prompted for a cert as soon as they go to the main site: https://www.mydomain.com. That's
not acceptable, because only a select number of people will have certs. I don't want non-cert
users to get prompted for a cert. They will have to know to hit 'cancel' so the username/password
dialog will come up next.
Thanks for any help given.