Apache :: Authenticating IE Users With Client Certificates?
Mar 15, 2013
I am having a problem getting Apache to allow access to IE 6/7/8/9 users with client certificates installed to access restricted resources. I have several servers (Windows and Linux) running various versions of Apache from 2.0 through 2.4, all behave the same way. I am simply unable to get client certificates to authenticate IE users. how I built the CAchain, CRLs, etc.
Note that using the same client certs from Firefox works just fine, users can successfully authenticate to the resource and get content.
##### ssl.conf
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
[Code]....
View 1 Replies
ADVERTISEMENT
May 28, 2009
We renewed our SSL certificate about two weeks before it expired, and pushed the new one to our servers.
All has worked well, but a very small percentage of users are complaining that they're seeing errors that the certificate is expired.
Is there some browser or something that would cache the old certificate client-side even past its expiry?
View 2 Replies
View Related
Jun 18, 2013
I have a magento based ecommerce website. In have to integrate a payment method which requires a certificated delivered from a specific certification authority not recognized by browsers. Then I have to use 2 diffrent certificates, one for the payment and the other for the remaining secure operations. Is it configurable in apache?
View 6 Replies
View Related
Feb 19, 2007
how can i find out that my current Apache maxclient or maxperchild settings must be rised and that i have outgrown current settings?
Example httpd status output 56 requests currently being processed, 41 idle servers
View 7 Replies
View Related
Apr 14, 2014
I have been trying to set ssl client authentication with Apache.I basically have a server certificate issued by a recognized CA. For the normal ssl authentication I use the following configuration (and it works fine):
View 1 Replies
View Related
Dec 25, 2008
I have installed LP on my system, but I have one problem...
The sites main apache runs well, but I can't get the users apache to start.
The two should be run from different ports?
View 11 Replies
View Related
Dec 18, 2012
If you enable ssl in apache, you can verify a client certificate. If so apache will create a environment variable for you with the name 'SSL_CLIENT_VERIFY' with values 'NONE, SUCCESS, GENEROUS or FAILED:reason'. URL....What is the meaning of this different values?
View 1 Replies
View Related
Nov 1, 2013
Pretty new to Apache and recently enabled teh Apache Server Status module.
A column is confusing me, after CONN/CHILD/SLOT is CLIENT, most of the addresses in this column are my own local addresses but I have a few which I don't recognise and show up on whois.net as follows;
203.188.201.201 = Yahoo Mail
199.87.232.177 = No Result
141.44.51.95 = Query terms are ambiguous
58.218.204.102 = CHINANET-JS
Why would these show on my status?
View 4 Replies
View Related
Dec 31, 2012
- Apache version 2.2
- operating system Ubuntu
I think I have tried everything else and userdir would work the best and is essentially what I am looking for. So basically I want be able to view all the folders in the /var/[folders]/www the problem here is that only one of the folders in there is a user. This user is called server. So when I go to http://myipaddress/~server I can view the files and its all fine, but I want to be able to go to http://myipaddress/~mark which would be /var/mark/www but "mark" is not a user. So I just get a 404 page not found error.
View 1 Replies
View Related
Jul 27, 2008
[Sun Jul 27 15:06:12 2008] [error] [client ] % Total % Received % X
[Sun Jul 27 15:06:12 2008] [error] [client ] ferd Average Speed Time Time Time Current
[Sun Jul 27 15:06:12 2008] [error] [client ] Dload Upload Total Spent Left Speed
[Sun Jul 27 15:06:12 2008] [error] [client ]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0
Have you ever seen error like this?
View 4 Replies
View Related
Apr 24, 2013
I need to accomplish the following:
1. User hits my new 2.4 reverse proxy at [URL] ....
2. I proxy the request through to my "real" app server at [URL] ....
3. I also use a re-write rule to add a querystring to the URL: ?Parameter=Foo
4. So, client's request arrives at the my app server as [URL] .....
5. When my app server responds, it is including the Parameter=Foo key/value combination. I don't want this.
6. I want my reverse proxy (somebox.com) to strip "Parameter=Foo" from the string which gets returned to the client.
I have steps 1 & 2 working nicely, but it looks like I can't handle the last bit with with mod_rewrite. I found mod_filter and mod_substitute, but it appears that this stuff is used for re-writing strings IN the document. Can these libs be used to maybe modify (I'm guessing here) the headers so that the "?Parameter=Foo" string can't be seen on the client if they're running something like fiddler?
View 3 Replies
View Related
Oct 17, 2013
I know that port 80 is reserved for HTTP communication to clients on the apache server,and that the client can receive the HTTP response to any port on the client machine, I think there might be more details to it than this. I am required to describe how client and server sockets are used for the client/server communication between an Apache Web server and Web client processes.
View 1 Replies
View Related
Jul 30, 2013
I am trying a webpage siremis whenever i try to login i am getting below error in error log of apache [client 192.168.137.7:4758] AH01630: client denied by server configuration: /opt/siremis-4.0.0/siremis/.htaccess
in httpd.conf following is the rule
Alias /siremis "/opt/siremis-4.0.0/siremis"
<Directory "/opt/siremis-4.0.0/siremis">
Options Indexes FollowSymLinks MultiViews
[code]....
i am using apache 2 and php 5.5.1 and mysql 5.6.12.
View 3 Replies
View Related
Sep 19, 2014
I've got a quite difficult problem which I don't know hoe to solve. We use a self created ISAPI module which is a "business server" running behind an Apache.
From time to time a client app crashes the server (the circumstances are not quite clear) - and because there is only one server process, all other clients crash as well. Here is an exemplary log of a crash:
Faulting application name: httpd.exe, version: 2.2.22.0, time stamp: 0x4f242d7a
Faulting module name: ABCServer.dll, version: 1.0.0.1, time stamp: 0x53cfffa5
Exception code: 0xc00000fd
Fault offset: 0x00004cf6
Faulting process id: 0x94c
Faulting application start time: 0x01cfc5cc18c67d57
Faulting application path: C:Program Files (x86)Apache Software FoundationApache2.2inhttpd.exe
Faulting module path: C:datawwwabcremoteABCServer.dll
Report Id: d27d5891-31da-11e4-93ff-0003ff4356f9
Faulting package full name:
Faulting package-relative application ID:
Exception code: 0xc00000fd means stack overflow as I learnt. Therefore we configured mpm_winnt_module to use a 8M ThreadStackSize but this didn't work.
A solution might be that Apache starts for every client its own server process with the module ABCServer.dll. Because it is quite small and there are not thousands of customers this sounds like the perfect solution. No other clients/customers would be affected by a crash.
Unfortunately mpm_winnt_module supports only 1 process AFAIK. Worker and Prefork MPM are not available in Apache's Windows version what I read.
How can we configure Apache to start a new module process per client?
View 3 Replies
View Related
Oct 29, 2014
I am setting up apache 2.4 as a service locally through localhost on a windows 2008 R2 standard server. I have set up SSL listening on port 443 and works correctly, however I am having trouble figuring out how to get apache to authenticate my CAC card.
I have downloaded the DOD certs and put them into various types of files including pem, base 64, der etc and I have yet to figure out a way to get the client certificates validated.
I have left out the information about the SSLCertificateChainFile, SSLCACertificateFile and SSLCARevocationPath as I am sure this must be where my problem is.
Is it possible to get this done through localhost. Here is the error I am getting in the error log.
[Wed Oct 29 11:37:05.675491 2014] [ssl:error] [pid xxxx:tid xxx] [client 127.0.0.1:59282] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
I am using a self created self signed server ceritficate. Here are some details from my httpd-ssl.conf file:
Code:
<VirtualHost _default_:443>
DocumentRoot "${SRVROOT}/htdocs"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "${SRVROOT}/logs/jtdi.log"
TransferLog "${SRVROOT}/logs/jtdi-Transfer.log"
[Code] ....
View 1 Replies
View Related
Nov 25, 2014
I am trying to deploy siteminder web agent on apache web server.They have a pre-req which says that while installing apache server, "install as a service, available for all users" "When an Apache-based web server is installed using a single user account, the Agent configuration cannot detect the Apache-based web server installation."
I don't see any msi installer anymore for apache web server, which had this option to select while installing.Now all i see is a zip file and i just have to unzip as part of installation. With this when I install httpd as a service, it is not detected by siteminder agent.So how can I set this "install as a service, available for all users" after installing from zip file?
View 1 Replies
View Related
Jul 14, 2008
I have a client who's Apache on a CPanel based VPS keep's restarting.
In the error log we recieve two of these lines
"client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFin "
Then the Apache will restart.
I have looked around and found some threads about this problem, but none explaining how to fix this.
View 4 Replies
View Related
Oct 1, 2014
Is it possible to verify client certificate based on username?If possible, How can we implement it in our httpd-ssl.conf file.
View 1 Replies
View Related
Jun 5, 2014
I've a Wordpress Blog on a Ubuntu 13.10 server with Apache 2.4.2.
For only one page on this site I've this error and can't find a solution.
View 15 Replies
View Related
Feb 20, 2013
I just setup an intranet wiki running apache2.2 on ubuntu 12.04. The server currently requires two-way certificate authentication (i.e. a server cert AND client certs).In <VirtualHost *:80>, Redirect permanent / https://<intranetSite>
Everything works dandy, except now that I'd like to find a way to bypass the client cert check for localhost so that I can run some maintenance scripts via cron on the server. Or perhaps it's possible to bypass SSL entirely, just for localhost?
View 2 Replies
View Related
Sep 5, 2014
We are getting 403 for bidden error when accessing from web clients.
Here are my config files:
httpd.conf & httpd-ssl.conf files:
1) [URL] ....
2) [URL] ....
Any changes we have to make in our configuration files.
View 1 Replies
View Related
Dec 31, 2013
i want to configure Apache so that it receives a client certificate, an passes it to another server.I'm using:
- apache 2.0.65 on windows
- the backend server is an apache-based solution (IBM HTTP Server)
I tried this config:
<VirtualHost *:443>ServerName apacheserver.domain.comSSLEngine onSSLProxyEngine onSSLCertificateFile "e:/Apache/Apache2/conf/server.cer"SSLCertificateKeyFile "e:/Apache/Apache2/conf/server.key"SSLCACertificateFile "e:/Apache/Apache2/conf/certca.cer"SSLVerifyClient requireSSLVerifyDepth 2ProxyPreserveHost onProxyRequests off<Proxy *>AddDefaultCharset
[code]....
View 1 Replies
View Related
Jul 4, 2013
I am using mod_auth_form.For security reasons, I would like to ensure that users are ALWAYS redirected to the page specified in AuthFormLoginSuccess Location after a successful login. Therefore, I would like to disable processing of the httpd_location form parameter.
The best I can do seems to be to use AuthFormLocation to set the field name to a hard-to-guess value, e.g. AuthFormLocation "32 b63 a#ve"
View 1 Replies
View Related
Jul 1, 2008
In my old server (VPS) I had my dir structure as:
sitea.com was pointing to
/home/me/public_html/sitea
siteb.com was pointing to
/home/me/public_html/siteb
On my new server, I have root permissions and used Plesk to create two domains sitea.com and siteb.com . Now plesk asks for a user to be created for each domain, so created usera and userb for sitea and siteb respectively.
Now as root on my server I created the dir /home/me/ and untarred the whole backup from old server to new server and I have dirs :
/home/me/public_html/sitea and /home/me/public_html/siteb
In apache configuration in file:
httpd.include_sitea under
dir /var/www/vhosts/sitea.com/conf/httpd.include
I changed the document root to /home/me/public_html/sitea
So I thought I am all set. But it does not work. When I try sitea.com in the browser it works but for all subdirs, for eg sitea.com/images it says Access denied.
This is because the dirs I created are owned by root.
So the owner of /home/me/public_html/sitea needs to be usera for this to work ?
Again for siteb to work I need to change the owner of /home/me/public_html/siteb to userb ?
This will be painful ? At least I should be able to change the owner of /home/me/public_html/ to one owner and ensure all sites under that work fine. How do I do that ?
I think the problem is clear by now. Its that I want all my sites to work off from .../public_html/ sub dirs.
View 2 Replies
View Related
Sep 6, 2013
The upgrade has an error when manage the users database.
PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM
PROBLEM DESCRIPTION
In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃnea 807)
ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃnea 807)
EXPECTED RESULT
Show users in the tab users for database.
View 2 Replies
View Related
Mar 25, 2009
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
View 7 Replies
View Related
Jul 1, 2008
I need to setup SSL.
I've never used SSL on any of my websites and I've never really understood how the certificates work.
I understand that SSL is used as a secure connection protocol (https://) and that it needs a valid certificate so that the encrypted data transfer can be committed.
OK makes sence, but why do some websites seem to have such difficultly setting up valid certificates?
You can setup SSL by with Apache + OpenSSL, but why do website hosting providers still allow you to purchase SSL certificates (isn't it supposed to be free)?
Finally, is it possible to setup SSL for a multiple-domain (Victual Host) server?
View 2 Replies
View Related
Jan 31, 2008
I have a client who requested me to do a website for his credit union company.
Some of the pages are forms that require customers to enter crucial information ie ssn etc etc. I told him that this can be broken into..and therefore he would need a secure way of transmitting this information. Therefore would the SSL certificate work for this issue? Where do i get one? We have a dedicated server and do i need to configure anything on that? Where can i get a trusted SSL Certificate, and ofcourse help to install it.
View 1 Replies
View Related
Jan 27, 2009
if you could recommend a place to get a certificate... I have seen many people talking about that you could get a rapidSSL for $15 +/- , but I was not able to find any sites that low.
View 14 Replies
View Related
Dec 24, 2007
A year ago I bought a Geotrust quick SSL vertificate from my dedicated server host for about 299.
Now I see companies like server tastic selling the same Geotrust cert for $79 ehen Geotrusts website is still $299. How can that be? what am I missing here.
View 5 Replies
View Related