SSL with Virtual Hosts Using SNI (multiple name based configs) - Need to get working with client certificate

Question

I have the following configuration along with other name based virtual hosts. All others work fine but this one fails when enabling certificate authentication with the following error:

Non-default virtual host with SSLVerify set to 'require' and VirtualHost-specific CA certificate list is only available to clients with TLS server name indication (SNI) support

Listen 443
<VirtualHost *:443>
ServerName site.domain.com
ProxyPreserveHost On
#connection to application
ProxyPass / http://application:port/
ProxyPassReverse / http://http://application:port/
DocumentRoot /var/www
RewriteEngine On
ProxyRequests On
ProxyBadHeader Ignore
ProxyVia Full
## Logging, always a good idea.
LogLevel debug
ErrorLog logs/error_log
CustomLog logs/access_log common
SSLEngine on
SSLC-ipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# 2 way authentication 
SSLVerifyClient require
SSLVerifyDepth 10
# SSLOptions +FakeBasicAuth
#SSLRequireSSL
#SSLCACertificatePath /etc/httpd/conf.d/ssl.crt/
SSLCACertificateFile /etc/httpd/conf.d/ssl.crt/ca.pem
#SSLStrictSNIVHostCheck off
</VirtualHost>

Apache version: Apache/2.2.15 (Unix) OpenSSl version: OpenSSL 1.0.1e-fips 11 Feb 2013 Redhat Version: Red Hat Enterprise Linux Server release 6.5 (Santiago) Using latest chrome and firefox browser

Thanks

Hi Michael. Sorry, I dont understand. I see these in the debug logs and the website throws a 403 whereas it should ask for a certificate for authorization — Raj, Sep 30 '15 at 12:44

SSL with Virtual Hosts Using SNI (multiple name based configs) - Need to get working with client certificate

0 Answers0