From 3a0aa28f441f9958b72feff6d1d524c52cc88b10 Mon Sep 17 00:00:00 2001 From: David W Xiao Date: Fri, 16 Sep 2011 17:30:19 -0400 Subject: [PATCH] --- doc/apache-client-certs.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/apache-client-certs.mdwn b/doc/apache-client-certs.mdwn index d4a0642..9b6428a 100644 --- a/doc/apache-client-certs.mdwn +++ b/doc/apache-client-certs.mdwn @@ -26,7 +26,7 @@ In addition to the standard Apache directives needed to enable SSL, you'll need AuthSSLCertStripSuffix "@MIT.EDU" -You also need to require certificate authentication. You can either use `SSLVerifyClient required` or `SSLVerifyClient optional`. `SSLVerifyClient required` has the downside that, if visitors don't have client-side certificates, they'll get an obscure OpenSSL error. However, Safari will not present certificates to a site with `SSLVerifyClient optional` set unless the user sets up an Identity Preference. For reference, scripts.mit.edu sets `SSLVerifyClient optional`. +You also need to require certificate authentication. You can either use `SSLVerifyClient require` or `SSLVerifyClient optional`. `SSLVerifyClient required` has the downside that, if visitors don't have client-side certificates, they'll get an obscure OpenSSL error. However, Safari will not present certificates to a site with `SSLVerifyClient optional` set unless the user sets up an Identity Preference. For reference, scripts.mit.edu sets `SSLVerifyClient optional`. You'll also need to enable the Apache modules. -- 2.44.0