SSL Re-negotiation in conjunction with POST method not supported

Hello,

My problem:
Internet Explorer cannot POST with a client certificate unless I turn on "SSLVerifyClient
optional" in the virtual server container, which is not acceptable, because then ALL users
get prompted for a cert, and not all users will have one. (apache 2.0.58)

I have an SSL virtual server with multiple containers (per Location and per Directory).
All of them require Basic SSL Authentication using username & password from my htpasswd
file.

https://www.mydomain.com

The user would be prompted for username and password and get in.

Then I tried:

https://www.mydomain.com/clientAuth

which is the <Location /clientAuth> that requires a client certificate, using the POST method, and then I got this error:

Method Not Allowed
The request method POST is not allowed for the URL /clientAuth/test.do

In my logfile, I see this:

SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate


The ONLY workaround I've been able to find to resolve this reliably on all platforms is to
add a "SSLVerifyClient optional" outside of my Location directives and right in the Virtual
Server container. But then here's the problem for me: by doing that, ALL users will first
get prompted for a cert as soon as they go to the main site: https://www.mydomain.com. That's
not acceptable, because only a select number of people will have certs. I don't want non-cert
users to get prompted for a cert. They will have to know to hit 'cancel' so the username/password
dialog will come up next.

Thanks for any help given.
Asked by: chencc77

sleep_furiously commented:
Is it possible for you to upgrade to version 2.2.x?

This bug has been fixed in 2.2, but the fix has not been backported to 2.0.

There is a fair bit of information here:
http://issues.apache.org/bugzilla/show_bug.cgi?id=12355

There is an unofficial patch for 2.0.x attached to that bug report if you are feeling adventurous ...
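
An added illustration (not part of the thread and not Apache's own code): a small Python check that finds the layout the question describes, where a `<Location>` or `<Directory>` asks for a client certificate while its `<VirtualHost>` does not ask for one in the initial handshake. The sample configuration is constructed, the function name `renegotiating_blocks` is hypothetical, and the rule is a simplification based on the workaround reported in the question.

```python
import re

# Constructed sample mirroring the layout in the question.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    <Location />
        AuthType Basic
        Require valid-user
    </Location>
    <Location /clientAuth>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<(VirtualHost|Location|Directory)\s+([^>]*)>", re.I)
CLOSE = re.compile(r"</(VirtualHost|Location|Directory)>", re.I)
VERIFY = re.compile(r"SSLVerifyClient\s+(\S+)", re.I)


def renegotiating_blocks(conf):
    """Return (vhost, container) pairs that request a client certificate while
    the vhost itself requests none. Judged at </VirtualHost> so order is irrelevant."""
    findings, stack = [], []
    vhost, vhost_level, inner = None, "none", []
    for raw in conf.splitlines():
        line = raw.strip()  # comment lines never match the anchored patterns
        if m := OPEN.match(line):
            name = f"{m.group(1)} {m.group(2).strip()}"
            stack.append(name)
            if m.group(1).lower() == "virtualhost":
                vhost, vhost_level, inner = name, "none", []
        elif CLOSE.match(line):
            closed = stack.pop() if stack else ""
            if closed == vhost:
                if vhost_level == "none":
                    findings += [(vhost, c) for c, lvl in inner if lvl != "none"]
                vhost = None
        elif (m := VERIFY.match(line)) and vhost:
            level = m.group(1).lower()
            if stack[-1] == vhost:
                vhost_level = level  # directive sits directly in the vhost
            else:
                inner.append((stack[-1], level))
    return findings
```

On a 2.0.x server, each pair returned marks a URL space where a POST will hit the "SSL Re-negotiation in conjunction with POST method not supported" error.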