John Carpenter | 22 Jul 2010 18:07

SSLCACertificateFile getting ignored when I use a Location directive

 
Hello,
 
Adding <Location> around SSLVerifyClient and SSLVerifyDepth is causing my mutual authentication to fail with an ssl_error_handshake_failure_alert message. I can't seem to determine what might be causing this. I'll just jump right to the code below:
 
 
[WORKS]
 
Excerpting my httpd.conf:
 
<VirtualHost _default_:443>
 DocumentRoot "<path edited>/htdocs"
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
 SSLCertificateFile "<path edited>/Cert/ssl.crt/server.crt"
 SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server.key"
 SSLCACertificateFile "<path edited> Cert/ca.cer"
 SSLVerifyClient required
 SSLVerifyDepth 1
 <truncated>
 
The above works like a charm. The only problem is it works EVERYWHERE I use 443 ... which is as expected. So when I add my <Location> directive as below I get the Error code: ssl_error_handshake_failure_alert. Though it properly triggers this error on requests to the specified location. So I know that part is being picked up properly. Does anybody know what can be causing this? This seems to be how it was behaving before I added in the SSLCACertificateFile information. Could the Location tag be causing the server to somehow ignore my SSLCACertificateFile?
 
 
[DOESN'T WORK] :   Error code: ssl_error_handshake_failure_alert
 
<VirtualHost _default_:443>
 DocumentRoot "<path edited>/htdocs"
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
 SSLCertificateFile "<path edited>/Cert/ssl.crt/server.crt"
 SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server.key"
 SSLCACertificateFile "<path edited> Cert/ca.cer"
 <Location /logonWithCertificate>
  SSLVerifyClient required
  SSLVerifyDepth 1
 </Location>
 
<truncated>
 
Thanks in advance for any insight.
 
-John
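
An added example, not part of the original post: a small Python scan that reports, for each of the two layouts quoted above, whether SSLVerifyClient sits at virtual-host level or inside a per-directory container such as <Location>. mod_ssl's documentation describes the per-directory form as forcing a renegotiation after the HTTP request is read, rather than requesting the client certificate in the initial handshake. The function names, the container set and the placeholder paths are assumptions made for this example.

```python
import re

# Containers that place a directive in per-directory context (set assumed for this example).
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}
WATCHED = {"sslverifyclient", "sslverifydepth", "sslcacertificatefile"}

def scan(conf_text):
    """Return one dict per watched directive, with the scope it was found in."""
    stack, found = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = re.match(r"</\s*(\w+)\s*>", line)
        if closing:
            while stack and stack.pop()[0] != closing.group(1).lower():
                pass  # unwind to the matching opener; tolerates cut-off excerpts
            continue
        opening = re.match(r"<\s*(\w+)\s*([^>]*)>", line)
        if opening:
            stack.append((opening.group(1).lower(), opening.group(2).strip()))
            continue
        name, *rest = line.split(None, 1)
        if name.lower() in WATCHED:
            per_dir = [arg for kind, arg in stack if kind in PER_DIR]
            scope = "per-directory" if per_dir else "server/vhost"
            found.append({"directive": name, "args": rest[0] if rest else "",
                          "scope": scope, "path": per_dir[-1] if per_dir else None})
    return found

def client_cert_phase(conf_text):
    """Map each SSLVerifyClient to the point where the client certificate is requested."""
    return [(d["args"], d["path"],
             "renegotiation after request" if d["scope"] == "per-directory"
             else "initial handshake")
            for d in scan(conf_text) if d["directive"].lower() == "sslverifyclient"]

# Constructed samples mirroring the two layouts in the post (paths are placeholders).
VHOST_WIDE = """<VirtualHost _default_:443>
SSLCACertificateFile "/placeholder/ca.cer"
SSLVerifyClient required
SSLVerifyDepth 1
</VirtualHost>"""
LOCATION_ONLY = """<VirtualHost _default_:443>
SSLCACertificateFile "/placeholder/ca.cer"
<Location /logonWithCertificate>
SSLVerifyClient required
SSLVerifyDepth 1
</Location>
</VirtualHost>"""
```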


