Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
IBM HTTP Server (SSL)-You don't have permission to access / on this server.
789 views
Skip to first unread message
contac...@gmail.com
Feb 29, 2008, 3:56:51 PM2/29/08
to
Hi,<br />
I have IBM HTTP Server V6.1 installed. I have enabled SSL & created key files as well as self signed certificate. It prompts me to accept the certificate whenever I access the page. Here is snippet of mt 'httpd.conf' -<br />
<VirtualHost *:443><br />
ServerName <something><br />
SSLEnable<br />
SSLClientAuth <b>Required</b><br />
In this case I get the above mentioned error '403 Forbidden -You don't have permission to access / on this server.'<br />
Error logs are<br />
<a href="http://www-128.ibm.com/developerworks/forums/">warn</a> SSL0265W: Client did not supply a certificate.<br />
<br />
If I make SSLClientAuth <b>Optional</b>, I can see the HomePage with no error. I understand what these options mean. But I am not sure why my browser is not supplying the certificate....<br />
<br />
Thanks...
I have IBM HTTP Server V6.1 installed. I have enabled SSL & created key files as well as self signed certificate. It prompts me to accept the certificate whenever I access the page. Here is snippet of mt 'httpd.conf' -<br />
<VirtualHost *:443><br />
ServerName <something><br />
SSLEnable<br />
SSLClientAuth <b>Required</b><br />
In this case I get the above mentioned error '403 Forbidden -You don't have permission to access / on this server.'<br />
Error logs are<br />
<a href="http://www-128.ibm.com/developerworks/forums/">warn</a> SSL0265W: Client did not supply a certificate.<br />
<br />
If I make SSLClientAuth <b>Optional</b>, I can see the HomePage with no error. I understand what these options mean. But I am not sure why my browser is not supplying the certificate....<br />
<br />
Thanks...
Eric Covener
Feb 29, 2008, 5:47:25 PM2/29/08
to
The server tells your browser what Certificate Authorities it trusts. If
your client certificate isn't signed by any of them, your browser just
doesn't send any.
Add the cert for the issuer of your client cert to the IHS KeyFile
--
Eric Covener
contac...@gmail.com
Mar 3, 2008, 2:22:39 PM3/3/08
to
Thanks...<br />
My problem was - I had created self signed certificate in key file. I had to extract that certificate & import in browser as personal certificate. I had tried that first with .crl file that is create with .kdb file, but it does not work. I had to export it in .p12 format which browser recognized and imported successfully.
My problem was - I had created self signed certificate in key file. I had to extract that certificate & import in browser as personal certificate. I had tried that first with .crl file that is create with .kdb file, but it does not work. I had to export it in .p12 format which browser recognized and imported successfully.
0 new messages