This week's book giveaway is in the HTML/CSS/JavaScript forum.
We're giving away four copies of Practical SVG and have Chris Coyier on-line!
See this thread for details.
Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Apache HTTPs Configuration

Sudhakar Krishnamurthy
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a Apache server that is configured to authenticate clients for a certain URL while the other clients are not authenticated.

Now when a client is trying to get a file from /myServlet/FileServlet/ location I expect the server to send a request to obtain the client certificate, while if the client is attempting to get a file from other locations no client authentication should be performed.

The behavior I am seeing is when the client comes in to the secure location with a HTTPS GET request, SSL handshake occurs without the server requesting for certificate, then I see that the HTTP GET request coming through to HTTP layer and then the server initiates another SSL handshake(re-negotiation) during which the server is requesting for the client certificate. My client is NOT a browser, it's a HTTPS client in C developed by someone else to support few basic HTTPS commands. Now my question is, is this the standard behavior or should the server be requesting the certificate in the first SSL handshake process?? If this is not the standard way of handling then is their something in the apache configuration that I am missing. Can someone please help me out.
Because those who mind don't matter and those who matter don't mind - Seuss. Tiny ad:
the new thread boost feature brings a LOT of attention to your favorite threads
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!