堆栈内存溢出
  简体   繁体   English

如何在Apache中为客户端证书添加自定义错误?

[英]How do I add custom errors for client certificates in Apache?

 原文  2017-08-22 00:17:07       apache/ ssl/ errordocument

问题描述

How do I configure a custom error document for when a user fails to provide a client certificate or when the one they provide is invalid? 当用户未能提供客户端证书或客户端提供的证书无效时,如何配置自定义错误文档?

The browser displays ERR_BAD_SSL_CLIENT_AUTH_CERT and ERR_SSL_DECRYPT_ERROR_ALERT respectively when I encounter those errors. 当我遇到这些错误时,浏览器分别显示ERR_BAD_SSL_CLIENT_AUTH_CERTERR_SSL_DECRYPT_ERROR_ALERT I'd like to provide the user with a custom error. 我想为用户提供一个自定义错误。

This is how I do it in NGINX . 这就是我在NGINX中的方法 

location = /495.html {}
error_page 495 /495.html;
location = /496.html {}
error_page 496 /496.html;

When I add the following line to the apache config I receive the error "Unsupported HTTP response code 495" . 当我将以下行添加到apache配置中时,我收到错误消息“不支持的HTTP响应代码495” 

ErrorDocument 495 /495.html

This is running httpd-2.4.6-45.el7.centos.4.x86_64 这正在运行httpd-2.4.6-45.el7.centos.4.x86_64

UPDATE: 更新:

I am able to provide a custom error document for the 496 error by changing SSLVerifyClient from require to optional and using a rewrite rule. 通过将SSLVerifyClientrequire更改为optional并使用重写规则,我能够为496错误提供自定义错误文档。 

<Directory "/var/www/html">
  SSLVerifyClient optional
  RewriteEngine On
  RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
  RewriteRule . 496.html [L]
</Directory>

The 495 error still eludes me. 495错误仍然使我难以理解。

1 个解决方案

解决方案1
 0  2017-08-22 00:33:51

What version of Apache are you running? 您正在运行什么版本的Apache?

https://unix.stackexchange.com/questions/290845/unsupported-http-response-code-429 https://unix.stackexchange.com/questions/290845/unsupported-http-response-code-429

Apache 2.2 does not support 495. Apache 2.2不支持495。

Apache 2.4 does support this according to https://httpd.apache.org/docs/2.4/custom-error.html Apache 2.4确实根据https://httpd.apache.org/docs/2.4/custom-error.html对此提供支持

Customized error responses can be defined for any HTTP status code designated as an error condition - that is, any 4xx or 5xx status. 可以为指定为错误条件的任何HTTP状态代码(即任何4xx或5xx状态)定义定制的错误响应。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Apache httpd:如何信任特定的客户端证书? - Apache httpd: How to trust specific client certificates? Apache-客户端证书 - Apache - Client Certificates Apache客户端认证证书 - Apache Client Certificates for Authentication 如何使用模块处理Apache错误? - How do I handle Apache errors with a module? 如何将404或500或403之类的错误重定向到Apache httpd中的自定义错误页面? - How do I redirect errors like 404 or 500 or 403 to a custom error page in apache httpd? 如何将 404 或 500 之类的错误重定向到 apache httpd 中的自定义错误页面? - How do I redirect errors like 404 or 500 to a custom error page in apache httpd? Apache + Passenger + Rails和客户端证书 - Apache + Passenger + Rails and Client certificates 如何使用Apache httpd中的客户端证书连接到LDAP以进行授权? - How to use client certificates in Apache httpd to connect to an LDAP for authorization? 如何在没有证书的情况下将Apache SNI主机重定向到http地址? - How do I make apache SNI hosts without certificates redirect to http address? 对于 Apache SSL 证书,我是否需要将 .CER 转换为 .CRT? 如果是这样,如何? - Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM