Q1)
I'm new to Apache HTTP Server, I'm trying to configure the SSLRequire for particular contexts. Below are the 2 cases:
a) Checking against CA-Signed Certificate's attributes, it is working as expected:
<Location /https_ca_ba/getItem1>
SSLVerifyClient require
SSLVerifyDepth 10
SSLRequireSSL
SSLRequire %{SSL_CLIENT_S_DN_O} eq "My Org" \
and %{SSL_CLIENT_S_DN_OU} eq "My Team" \
and %{SSL_CLIENT_S_DN_CN} eq "<ca-signed-cert>.mycompany.com"
RequestHeader set Authorization "Basic <base64string>"
ProxyPass https://internal_host:443/ws/soap/getItem
ProxyPassReverse https://internal_host:443/ws/soap/getItem
</Location>
b) Checking against Self-Signed Certificate. However, I got the error "AH02229: access to proxy:https://:443/ws/soap/getItem failed, reason: SSL requirement expression not fulfilled". I double check, the CN name configured is correct:
<Location /https_ca_ba/getItem2>
SSLVerifyClient none
SSLRequire %{SSL_CLIENT_S_DN_CN} eq "<self-signed-cert>.mycompany.com"
RequestHeader set Authorization "Basic <base64string>"
ProxyPass https://internal_host:443/ws/simple/getItem
ProxyPassReverse https://internal_host:443/ws/simple/getItem
</Location>
Did I configured wrongly?
Q2) Is there any way to configure client cert authentication in Apache HTTP Server? External party will provide the certificate.
Could you please advise?
Thanks
Regards,
Damon
Best Answer
Missing brackets for
SSLRequire