httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Buddy wu <ejournal...@gmail.com>
Subject Re: [users@httpd] how to PROMT the user who access the site that we ask for a client certificat
Date Thu, 30 Apr 2009 08:55:23 GMT
2009/4/30 Sean Conner <spc@conman.org>

> It was thus said that the Great Krist van Besien once stated:
> > On Wed, Apr 29, 2009 at 4:06 AM, Buddy wu <ejournal4me@gmail.com> wrote:
> > > I use apache with ssl and require client cert. how to let the user know
> he
> > > shouldrequest a cert? now when a person without a cert access the site,
> it
> > > only appreas that "the site can't be displayed ,maybe network problem"
> > > how to give a hint to user , he should use a cert to access this cert
> >
> > Use a custom error page.
>
>   That won't work.  The error Buddy is getting is happening at a lower
> level
> as SSL is trying to negotiate a secure channel.  On Firefox 2, I get a
> rather terse pop-up box with what looks like a random number on it.
>  Firefox
> 3 gives a bit more information, but that's the client.  And Apache won't
> log
> a request since no request has been sent.
>
>  Your best bet is to have the protected content a bit lower in the site.
> For instance, my own secure site:
>
>        https://secure.conman.org/
>
>  is visible to all.  The critical stuff, the stuff that's protected by
> client certificates, appears under:
>
>        https://secure.conman.org/library/
>
>  That's about the best you can do at this point in time.
>
>  -spc
>
>
en, after trying sometimes. I found you're right. it's based on browse which
the user used. like IE ,  it will pop up a dialog to infirm that it need a
certificate to forward. but chrome can't. ( i don't try firefox) even I
installed the certificate in the computer, the chrome also can't access the
site.


>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
blog <http://eye4china.buddub.com>

Mime
View raw message