Enabling Client Authentication with Certificates on HTTP Server
668253Jan 11 2009 — edited Feb 11 2009
I have a problem with enabling client authentication on http server of oracle application server 10.1.3.4.
In my SSL.CONF file in APACHE/APACHE/CONF I have:
The service works with my browser and my proxy (in jdeveloper) which is alright.
When I add this directive: +'SSLVerifyClient require'+
It says 'SSL peer cannot verify your certificate' in my broswer and returns an error to my code: SOAPException: Bad response: 405 Method Not Allowed
It is ok too because probably it does not recognize my certificate. Now I want to add the certificate to the trusted ones.
When I use this directive:
the server does not get restarted and in the logs it says:
Invalid command 'SSLCACertificateFile', perhaps mis-spelled or defined by a module not included in the server configuration
Why some of the APACHE directives do not work for OHS? How can I introduce my certificate to the server?
What is the standard way to enable client authentication? Am I doing something wrong?
(I also tried Require valid-user,AuthType Cert,...).Can I alternatively use OC4J SSL?