我一直在调查这个,它与Apache的SSL选项
SSLVerifyClient optional_no_ca 我有以下虚拟主机configuration。
NameVirtualHost *:443 <VirtualHost *:443> SSLEngine on SSLOptions +StdEnvVars SSLCertificateFile /root/test-https-certificate/test.company.com.crt SSLCertificateKeyFile /root/test-https-certificate/research.company.com.key SSLCACertificateFile /root/test-https-certificate/sub.class1.server.ca.pem SSLCARevocationPath /root/ssl-authentication/crl SSLCARevocationFile /root/ssl-authentication/crl/crl.pem SSLCADNRequestFile /root/ssl-authentication/client-cert-issuing-ca.crt <Directory /var/www/vhosts/test.com/httpsdocs/topsecret> SSLRequireSSL SSLVerifyClient optional_no_ca SSLVerifyDepth 10 </Directory> DocumentRoot /var/www/vhosts/test.com/httpsdocs/topsecret ServerName test.company.com </VirtualHost>
我现在的问题是,每个人有证书或不能访问我的受限制的文件夹,阅读关于Apache的mod_ssl文档我已经findSSLRequire选项,但我怎么能实现它,当我用它在我的标签redirect到我Apache的默认DocumentRoot 。
还有其他疑问..从安全的angular度来看,我所做的是正确的? 有自签名证书的客户和一个官方实体签署的服务器?