I've already asked the question in the users@httpd.apache.org mailing list but here it might be more suitable:
I've setup a https site with Apache 2.0.52, mod_ssl 2.0.52 and OpenSSL 0.9.7a (Red Hat Enterprise Linux ES release 4 (Nahant Update 4)). A special directory should be optional authenticated via client certificate. This works with Firefox, Netscape, IE6 but not with IE7 (Windows XP SP2 and Windows Vista).
When trying to access the page with IE7 the browser let me choose the client certificate, let me enter the PIN for the smartcard but then shows the error message "The browser can not connect to the site.". In the log files of the server there's only 1 new line:
[error] Re-negotiation handshake failed: Not accepted by client!?
Here's the httpd.conf part for SSL:
SSLEngine on
SSLProtocol +SSLv3
SSLCipherSuite HIGH:MEDIUM:SSLv3
SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/mydomain.ca-bundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
<Directory "/var/www/public/htdocs/protected">
SSLVerifyClient optional
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth +StdEnvVars +ExportCertData +OptRenegotiate
</Directory>
Any suggestions?
--
Trees die standing.
