Per-directory CA in httpd 2.4 (mod_ssl)

Was support for per-directory CA files removed in httpd 2.4?

<Location /directory>
Require valid-user

SSLVerifyClient require
SSLVerifyDepth 5
SSLCACertificateFile /path/to/ca.crt
</Location>

This snippet works under httpd 2.2.29, but isn't valid for httpd 2.4.10 because of "Your SSL library does not have support for per-directory CA". I sadly couldn't find any evidence there was any change (no mention in release notes, documentation for mod_ssl is the same), so maybe it's a bug?

Compiled on RHEL, "./configure --with-included-apr --enable-so --with-crypto --enable-ssl", openssl 1.0.1e (16.el6_5.15)

Epigynous answered 17/10, 2014 at 6:10 Comment(0)
1

It appears to be expected behaviour according to RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179716

Forsta answered 24/4, 2015 at 15:7 Comment(0)
7

It also happens to me; with Apache 2.2.25 the SSLCACertificateFile directive works correctly under the <Location> tag.

However, it seems that in 2.4 it does not. After some tries I got it to work by putting the SSLCACertificateFile inside <VirtualHost> instead of <Location>.

So in Apache 2.4 use:

<VirtualHost localhost:443>
  SSLCACertificateFile /path/to/ca.crt
  <Location /directory>
  ...
  </Location>
</VirtualHost>

Instead of:

<VirtualHost localhost:443>
  ...
  <Location /directory>
    SSLCACertificateFile /path/to/ca.crt
  ...
  </Location>
</VirtualHost>

Hope it helps,

Guillemot answered 18/2, 2016 at 14:15 Comment(1)
And write it in the virtualhost, not in .htaccess. – Charette
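
Added example (not part of the original answers): a Python check that flags SSLCACertificateFile inside per-directory containers before a 2.2 to 2.4 upgrade and names the enclosing <VirtualHost> to move it to. The function name and both sample configs are constructed for illustration; treating <Directory> and <Files> containers like the <Location> case on this page is an assumption that goes beyond what the answers tested.

```python
import re

# Containers that create a per-directory context in httpd.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}
OPEN = re.compile(r"^<\s*([A-Za-z]+)\b[^>]*>$")
CLOSE = re.compile(r"^</\s*([A-Za-z]+)\s*>$")

def find_per_directory_ca(conf_text):
    """Return (line_no, enclosing_container, move_to) for every
    SSLCACertificateFile that sits inside a per-directory container."""
    stack, findings = [], []      # stack holds (name_lower, opening_line)
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := CLOSE.match(line)):
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), line))
        elif line.split(None, 1)[0].lower() == "sslcacertificatefile":
            inner = next((s for s in reversed(stack) if s[0] in PER_DIR), None)
            vhost = next((s for s in reversed(stack) if s[0] == "virtualhost"), None)
            if inner:
                findings.append((no, inner[1], vhost[1] if vhost else "server config"))
    return findings

# Constructed sample: the 2.2-style layout that fails on 2.4.
BROKEN = """\
<VirtualHost localhost:443>
  SSLEngine on
  <Location /directory>
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLCACertificateFile /path/to/ca.crt
  </Location>
</VirtualHost>
"""
# Constructed sample: the layout the answer recommends for 2.4.
FIXED = BROKEN.replace("    SSLCACertificateFile /path/to/ca.crt\n", "").replace(
    "  SSLEngine on\n", "  SSLEngine on\n  SSLCACertificateFile /path/to/ca.crt\n")

if __name__ == "__main__":
    for no, where, target in find_per_directory_ca(BROKEN):
        print(f"line {no}: SSLCACertificateFile inside {where}; move to {target}")
```

The check reads a single file's text only; it does not follow Include directives or look at .htaccess files.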