httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Osterrath <>
Subject [users@httpd] SSLVerifyClient with IE7
Date Tue, 04 Mar 2008 13:49:30 GMT

I've setup a https site with Apache 2.0.52, mod_ssl 2.0.52 and OpenSSL 0.9.7a
(Red Hat Enterprise Linux ES release 4 (Nahant Update 4)). A special
directory should be optional authenticated via client certificate. This
works with Firefox, Netscape, IE6 but not with IE7 (Windows XP SP2 and
Windows Vista).

When trying to access the page with IE7 the browser let me choose the client
certificate but then shows the error message "The browser can not connect to
the site.". In the log files of the server there's only 1 new line:

    [error] Re-negotiation handshake failed: Not accepted by client!?

Here's the httpd.conf part for SSL:

    SSLEngine on
    SSLProtocol +SSLv3
    SSLCipherSuite HIGH:MEDIUM:SSLv3
    SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

    <Directory  "/var/www/public/htdocs/protected">
      SSLVerifyClient optional
      SSLVerifyDepth 5
      SSLCACertificateFile /etc/httpd/conf/protected/ssl.crt
      SSLOptions +FakeBasicAuth +StdEnvVars +ExportCertData

Any suggestions?
View this message in context:
Sent from the Apache HTTP Server - Users mailing list archive at

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message