[rt-users] Re: rt-mailgate problem with 'SSLVerifyClient require'

Christian Gilmore cag at us.ibm.com
Fri Feb 20 11:01:12 EST 2004


SSLVerifyClient can be set on a per-directory basis, so you can set the 
self-service links that mailgate needs to 'SSLVerifyClient none' or you 
could put up an entirely new virtual host on a separate port perhaps that 
would accept connections from only localhost and would require no SSL 
client verification. You may want to read the mod_ssl reference 
documentation at www.modssl.org. It spells out these options.

Thanks,
Christian

----------------------
Christian Gilmore
Technology Leader, CISSP
GeT Support Application Development
IBM Software Group




Cerion Armour-Brown <cerion at terpsichore.ws> 
Sent by: rt-users-bounces at lists.bestpractical.com
02/20/04 04:06 AM

To
seph <seph at directionless.org>
cc
rt-users at lists.bestpractical.com
Subject
[rt-users] Re: rt-mailgate problem with 'SSLVerifyClient require'






On Friday 20 February 2004 02:29, seph wrote:
> > Yep - I need this to run over the internet.
> >
> > I would have thought it was possible to set up apache so it didn't
> > require client certs from localhost... but I don't even know if I'm
> > asking the right questions!
> > Cerion
>
> It is possible to set apache up to not require ssl or clients certs or
> whatever from localhost (or any other specific address). Apache's auth
> systems is very flexible, make use of the Satisfy directive and read
> apache's docs. Or search the mailing list hard enough for the last
> time it was posted.
>
> seph

Really appreciate the feedback, but if you mean this:
---
        Alias /rt3/REST/1.0  /opt/rt3/share/html/REST/1.0
        <Location "/rt3/REST/1.0">
                Satisfy Any
                Options FollowSymLinks Indexes ExecCGI
                AllowOverride None
                Order deny,allow
                Allow from localhost
        </Location>
---
It doesn't work for me, if I also set "SSLVerifyClient require"

Can you verify that it _should_ work?
Thanks,
Cerion

_______________________________________________
rt-users mailing list
rt-users at lists.bestpractical.com
http://lists.bestpractical.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20040220/6cb20ac8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5195 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20040220/6cb20ac8/attachment.bin>


More information about the rt-users mailing list