httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] SSL Certificate Validation
Date Thu, 08 Feb 2018 16:19:11 GMT
On Thu, Feb 8, 2018 at 7:36 AM, Belmona, Nizar <nbelmona@cscgroup.com>
wrote:

> Thanks Rainer and Daniel.
>
> Sorry for the confusion and please let me clarify.
>
>
>
> We have a web server with Apache 2.2.22 with OpenSSL 0.9.8t, the Apache
> service launches fine and the users/developers are able to connect however
> developers through their code bypass the Server SSL certificate
> verification. I am not worried about the client certificate validation
> since we are not using it,  all the concern is we need to stop users
> bypassing the Server SSL verification who are claiming they have to bypass
> it since the certificate name doesn’t match the server name in the link
> being called. Kindly note that configuration in hhtpd.conf is:
>



​You can't stop them unless you control the client.  You only control the
server. The only thing you could do is provide a better certificate.
​

Mime
View raw message