Reputation: 123
Per-directory CA in httpd 2.4 (mod_ssl)
was support for per-directory CA files removed in httpd 2.4?
<Location /directory>
Require valid-user
SSLVerifyClient require
SSLVerifyDepth 5
SSLCACertificateFile /path/to/ca.crt
</Location>
This snippet works under httpd 2.2.29, but isn't valid for httpd 2.4.10 because of "Your SSL library does not have support for per-directory CA". I sadly couldn't find any evidence there was any change (no mention in release notes, documentation for mod_ssl is the same), so maybe it's bug?
Compiled on RHEL, "./configure --with-included-apr --enable-so --with-crypto --enable-ssl", openssl 1.0.1e (16.el6_5.15)
Upvotes: 8
Views: 7707
Answers (2)
Reputation: 18507
It happens also to me; with Apache 2.2.25 the SSLCACertificateFile directive works correctly under <location> tag.
However seems that in 2.4 does not. After some tries I can do it work putting the SSLCACertificateFile inside <VirtualHost> instead of <Location>.
So in Apache 2.4 use:
<VirtualHost localhost:443>
SSLCACertificateFile /path/to/ca.crt
<Location /directory>
...
</Location>
</VirtualHost>
Instead of:
<VirtualHost localhost:443>
...
<Location /directory>
SSLCACertificateFile /path/to/ca.crt
...
</Location>
</VirtualHost>
Hope it helps,
Upvotes: 7
Reputation: 1470
It appears to be expected behaviour according to RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179716
Upvotes: 1
Related Questions
- How to make mod_ssl pointing to different openssl directory instead of default one in apache?
- How to assign a dedicated certificate to a sub-directory for proxy pass in Apache?
- hosting multiple SSL certs on apache
- Build mod_ssl.so using OpenSSL from non-standard location
- How does client cert authentication work on per directory basis?
- How to structure a CA directory for usage with OpenSSL?
- Two-way SSL authentication with Apache - CA certificate
- Apache2 + OpenSSL, Certificate CA
- Using OpenSSL and Want to use multiple CA_DIRs for load verify locations
- Apache - Multiple SSL Issue