0

I have the following configuration:

<VirtualHost *:443>

SSLVerifyClient     require 
SSLVerifyDepth      4

<Location />
    ####SSLVerifyClient     require
    ####SSLVerifyDepth      4
    Require expr %{SSL_CLIENT_I_DN_CN} in {"CLASSE-4"}
</Location>

<Location ^/myapplication/healthcheck$>
    SSLVerifyClient none
</Location>

For a specific reason, I want to keep "SSLVerifyClient require " on the top of "VirtualHost" and not inside a "location" tag, because there it generate a "Certificate request" trame that we con see on wireshark tool.

But there , if will ask for a certificate even for my healthcheck location.

Is there a solution to keep "SSLVerifyClient required" on the top and exclude "healthcheck from SSLClientVerify ?

Best regards,

Fozix
  • 1
  • I'm not sure it's possible. Why do you not want it in a Location tag? AFAIK that's the way to do it.. – jornane Dec 06 '19 at 17:03
  • Actually, the exchanged TCP trames are not the same if the SSLVerifyClient is in the top or in a location. And that in our case generate a problem of compatibility with our clients old sofwares, they expect a trame "Certificate request". The solution I found, is to create another virtualhost on another port specific to the healthcheck url, that don't ask for a certificate. – Fozix Dec 10 '19 at 15:49

0 Answers0