Patrick

Reputation: 81

How do I add custom errors for client certificates in Apache?

How do I configure a custom error document for when a user fails to provide a client certificate or when the one they provide is invalid?

The browser displays ERR_BAD_SSL_CLIENT_AUTH_CERT and ERR_SSL_DECRYPT_ERROR_ALERT respectively when I encounter those errors. I'd like to provide the user with a custom error.

This is how I do it in NGINX.

location = /495.html {}
error_page 495 /495.html;
location = /496.html {}
error_page 496 /496.html;

When I add the following line to the Apache config, I receive the error "Unsupported HTTP response code 495".

ErrorDocument 495 /495.html

This is running httpd-2.4.6-45.el7.centos.4.x86_64

UPDATE:

I am able to provide a custom error document for the 496 error by changing SSLVerifyClient from require to optional and using a rewrite rule.

<Directory "/var/www/html">
  SSLVerifyClient optional
  RewriteEngine On
  RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
  RewriteRule . 496.html [L]
</Directory>

The 495 error still eludes me.

Upvotes: 1

Views: 1583
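
The rewrite-based workaround from the update, extended to tell "no certificate" apart from "certificate presented but not verified". This is an added example, not code from the original post. It assumes that `SSLVerifyClient optional_no_ca` is acceptable for the site and that the certificate paths shown (placeholders) are replaced with real ones.

```apache
# Added example (not from the original post). Certificate paths are
# placeholders; 495.html and 496.html are the pages named in the question.
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt

    # optional_no_ca: a presented certificate need not be verifiable, so the
    # handshake can complete and the request can reach the rules below.
    # mod_ssl no longer enforces client authentication in this mode, so the
    # rewrite rules are the only gate and must cover every protected path.
    SSLVerifyClient optional_no_ca

    <Directory "/var/www/html">
        RewriteEngine On

        # Serve the error pages themselves without rewriting them again.
        RewriteRule ^49[56]\.html$ - [L]

        # No certificate presented: SSL_CLIENT_VERIFY is NONE.
        RewriteCond %{SSL:SSL_CLIENT_VERIFY} =NONE
        RewriteRule . 496.html [L]

        # Certificate presented but not verified: any value other than
        # SUCCESS (GENEROUS or FAILED:reason).
        RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
        RewriteRule . 495.html [L]
    </Directory>
</VirtualHost>
```

Only requests with `SSL_CLIENT_VERIFY` equal to `SUCCESS` reach the protected content; any other location served by this virtual host needs the same rules, because `optional_no_ca` alone does not reject unverified clients.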

Answers (1)

Ryan Terry

Reputation: 77

What version of Apache are you running?

https://unix.stackexchange.com/questions/290845/unsupported-http-response-code-429

Apache 2.2 does not support 495.

Apache 2.4 does support this according to https://httpd.apache.org/docs/2.4/custom-error.html

Customized error responses can be defined for any HTTP status code designated as an error condition - that is, any 4xx or 5xx status.

Upvotes: 0
