[us...@httpd] What is better? Apache OR Tomcat client cert validation?

2010-03-24 Thread acastanheira2001
Hi, I need to validate client cert against some rules, but I don´t know what is the best approach. To validade client cert on Apache or on Tomcat? Thanks, Andre -- View this message in context: http://old.nabble.com/What-is-better--Apache-OR-Tomcat-client-cert-validation--tp28014761p28014761.

[us...@httpd] How to validate the subjectAltName?

2010-03-18 Thread acastanheira2001
Hi, I need to grant access only to some clients that have a specific info in the subjectAltName. I know how to check the name inside the client cert: e.g. SSLRequire ( %{SSL_CLIENT_S_DN_CN} eq "John Smith" ) How to do the same in the subjectAltName? Thanks, Andre -- View this message in con

[us...@httpd] ssl_error_handshake_failure_alert - client error page

2010-03-11 Thread acastanheira2001
Hi, I´ve setup a virtualhost that requires client certificate, and it works fine. But, if the client doesn´t have the cert, or the cert doesn´t match the conditions I´ve specified, the client browser returns a page with the "ssl_error_handshake_failure_alert" error. I would like to return a fr