Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread Martin Kuba
Dne 18.1.2011 18:12, g f napsal(a): Hey Martin, common access cards are smart cards that allow a user to authenticate to a domain using just the card(inserted into the card reader) and a pin number. The directive */SSLVerifyClient require/* requires all https access utilize a smart card. no sm

RE: [users@httpd] Apache Reverse Proxy

2011-01-18 Thread Jeff Poling
Chris, I recently inherited responsibility for two apache servers that function as reverse proxies. They work really well. I am still learning, but I believe all you need is mod_proxy to get the reverse proxy functionality. Jeff Jeffrey Poling System Administrator | Information Systems Moody

[users@httpd] Apache Reverse Proxy

2011-01-18 Thread Christian Pascher
Hi, I have a topology with two apache webservers. I want to set up a new server as a reverse proxy with caching and load balancing. As far as I know, this works fine with apache and I don't need extra software like squid. Am I right? Is it possible, that the servers can use both, HTTP and HTT

Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread g f
Hey Martin, common access cards are smart cards that allow a user to authenticate to a domain using just the card(inserted into the card reader) and a pin number. The directive *SSLVerifyClient require* requires all https access utilize a smart card. no smart card, no access. *SSLVerifyClient opt

Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread Alan Brown
Not sure if this is the cause of your problem but the phrase 'works until I add: SSLVerifyClient require' reminds me of a similar problem I encountered recently with SSL client certificates. In Apache documentation on SSL (or in Apache Cookbook) it doesn't mention that a client certificate must

Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread Martin Kuba
Hi G40, I am a bit confused from your description, I do not know what you mean by "common access cards" and what you mean by forcing them. Also I do not understand where is your python proxy, is it on the server or on the client ? I have a suspicion that you are mixing the client and the server

Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread Joost de Heer
On Tue, January 18, 2011 16:16, g f wrote: > Hello all, > I have a debian os running Apache 2.2.16(debian) along with tomcat 6.0.29. > I > use mod_jk as well as mod_auth_kerb module for apache. Apache and the > modules are debian repository packages. > > I recently attempted to activate common acce

Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread g f
Hello Martin, thanks for the reply. I have those directives already and it all works until I add: *SSLVerifyClient require* I changed this directive to *optional* and it seems to work now, though I am not so confidant in this configuration. I wonder if there is a way to pass the client cert throug

Re: [users@httpd] SSL library error 1 in handshake

2011-01-18 Thread Martin Kuba
Hi G40, the "SSLVerifyClient require" requires that the client presents a certificate. You have to configure also the list of Certification Authorities that the server accepts by the following directives: SSLCACertificatePath /etc/ssl/certs/ or SSLCACertificateFile /etc/apache2/ssl.crt/ca-bund

[users@httpd] SSL library error 1 in handshake

2011-01-18 Thread g f
Hello all, I have a debian os running Apache 2.2.16(debian) along with tomcat 6.0.29. I use mod_jk as well as mod_auth_kerb module for apache. Apache and the modules are debian repository packages. I recently attempted to activate common access cards and if I just activate them but do not force th

Re: [users@httpd] headers precedence 1.3 vs 2.2

2011-01-18 Thread Uxio Faria
El 18/01/11 14:57, Igor Galić escribió: > > - "Nick Kew" wrote: > >> On 18 Jan 2011, at 02:24, Uxio Faria wrote: >> >>> Ok, everything is fine with this. But with apache 2.2 i can't do >> that, headers setted with Header directive >>> in apache conf, can't be overwrited by php. >>

Re: [users@httpd] mod_proxy_balancer question

2011-01-18 Thread Igor Galić
- "Tom Jones" wrote: > Hello, > I have a couple of apps running on Tomcat servers and I would like to > use mod_proxy_balancer for load balancing and failover. My question > has to do with performance. I see that there is a mod_proxy_ajp and > mod_proxy_http modules; are there any performanc

Re: [users@httpd] headers precedence 1.3 vs 2.2

2011-01-18 Thread Igor Galić
- "Nick Kew" wrote: > On 18 Jan 2011, at 02:24, Uxio Faria wrote: > > > Ok, everything is fine with this. But with apache 2.2 i can't do > that, headers setted with Header directive > > in apache conf, can't be overwrited by php. > > Is it now returning two headers, one from the co

[users@httpd] suexec and virtual hosting

2011-01-18 Thread Gary Smith
I have a follow up to the IRC message earlier regarding protected virtual sites from cross cgi file reads. I'm using an odd structure for our virtual sites, which seems to be making it painful to implement the suexec, unless there is something that I'm missing. We have several sites configured