mod_ssl redirect to site if client does not have valid certificate


 
# 1  
Old 07-16-2008

Hello!

I have set up a site against which users authenticate with OpenSSL certificates.
Everything works just fine, but I wish to be able to redirect to an error page with instructions instead of displaying the default error page that Firefox displays.

How to? I got nothing out of Google...

Best regards.
# 2  
Old 07-16-2008
Firefox displays only the error page that has been configured in your (I guess) Apache. Check your httpd.conf or a related include file where errors are defined like for example:

Code:
...
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
...

Also check the official Apache documentation:
Custom Error Responses - Apache HTTP Server
# 3  
Old 07-16-2008
Ah, I'm sorry! Yes, it's Apache.
Ok I will look into this!
Thank you for your response!
# 4  
Old 07-21-2008
Hello again, I've looked into the httpd.conf but I can't figure out which error code Apache generates and how to fetch it into an event.

What I know is that the server sends "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" to the client, but I don't know how to use that error code to display an error page.

Please help
# 5  
Old 07-21-2008
Can you check Apache's access_log (or whatever its name is for the access log in your config) - there should be entries like, for example:
Code:
10.10.1.23 - - [17/Jul/2008:07:07:47 +0200] "GET /somedir HTTP/1.1" 401 1446

The 401 is the error code in this example which is what you can configure in your httpd.conf or include file for it, afaik.
When you reproduce that "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" error, you should check what kind of entry you get added in the access log I mentioned above. Maybe you can write a directive for that then like mentioned in one of my former answers.
# 6  
Old 07-22-2008
Hello!

Ah now I get what you mean!

xx.xx.xx.xx - - [22/Jul/2008:09:04:07 +0200] "GET /wiki/index.php/Main_Page HTTP/1.1" 403 -

This is what I get, I've added the following line in my vhost entry:
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var

But no success yet.
# 7  
Old 07-22-2008
What error do you get in the browser window and in the logs of the webserver?

I can't describe it further - I would have to test it myself, so you will have to look up examples and try around, sorry.

Is the ErrorDocument directive placed inside the <Directory></Directory>?

Here you find the details on that directive:
core - Apache HTTP Server
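
An added configuration sketch, not part of any post in this thread: when client-certificate verification fails during the TLS handshake, the connection ends before any HTTP response, so an `ErrorDocument` cannot reach the browser. One way to show an instructions page instead is to make the certificate optional at the TLS layer and enforce it per request with mod_rewrite. The hostname, file paths and `/error/no-client-cert.html` are placeholders, and mod_rewrite is assumed to be loaded.

```apache
<VirtualHost *:443>
    # Placeholder hostname and certificate paths; replace with your own.
    ServerName wiki.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # CA that issued the client certificates.
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    # Request a client certificate, but let the handshake complete when the
    # client sends none. SSL_CLIENT_VERIFY is then NONE instead of SUCCESS.
    # A certificate that fails verification against the CA still aborts
    # the handshake, so this only covers the "no certificate" case.
    SSLVerifyClient optional
    SSLVerifyDepth  1

    RewriteEngine On

    # Keep the instructions page itself reachable without a certificate,
    # otherwise the redirect below would loop.
    RewriteCond %{REQUEST_URI} !^/error/

    # Every other request must come over a connection with a verified
    # client certificate.
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
    RewriteRule ^ /error/no-client-cert.html [R=302,L]

    # With "optional", the rewrite rule above is the only thing enforcing
    # certificate authentication: anything excluded from it (here /error/)
    # is served to unauthenticated clients, so keep only static help
    # content under that path.
</VirtualHost>
```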