I have secured access to one of our servers via User Certificate Authentication using the following configuration:

    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName mydomain.de
        ServerAlias www.mydomain.de

        # SSL Configuration for the proxy
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/mdoamin.de-crt.pem
        SSLCertificateKeyFile /etc/ssl/private/mydomain.de-key.pem

        # Client Certificate Authentication Configuration
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLCACertificateFile /etc/apache2/ssl/authentication_ca.crt
        SSLOptions +StdEnvVars

        # Handle Errors
        ErrorDocument 403 /missing_cert.html

        # Reverse Proxy Configuration
        #ProxyRequests Off
        <Proxy *>
            Require all granted
        </Proxy>
        ProxyPass / http://localhost:9000/
        ProxyPassReverse / http://localhost:9000/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
        ServerName mydomain.de
        ServerAlias mydomain.de
        Redirect permanent / https://mydomain.de/
    </VirtualHost>

The configuration works well if the correct p12 cert is inserted into the browser. If I try to connect via a browser without the cert I get the ERR_BAD_SSL_CLIENT_AUTH_CERT as expected.
Instead, I want to allow the unauthenticated user to access a missing_cert.html error document under /var/www/html.
I tried to provide a custom error via ErrorDocument, but this seems to be either the wrong error code or it doesn't work at all.
I found a similar request (Tomcat redirect on ERR_BAD_SSL_CLIENT_AUTH_CERT) for a Tomcat server, but I hope it would be more possible with Apache2.
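
With `SSLVerifyClient require` the TLS handshake is aborted before any HTTP request exists, so `ErrorDocument` never gets a chance to run. The following is an added example, not the poster's configuration: it assumes Apache 2.4 with mod_ssl and mod_proxy_http, reuses the paths from the question, and moves the certificate check from the handshake to HTTP authorization.

```apache
# Added example. Assumptions: Apache 2.4, mod_ssl, mod_proxy, mod_proxy_http;
# missing_cert.html lives in /var/www/html as stated in the question.
<VirtualHost *:443>
    ServerName mydomain.de
    ServerAlias www.mydomain.de
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mdoamin.de-crt.pem
    SSLCertificateKeyFile /etc/ssl/private/mydomain.de-key.pem

    # Request a client certificate, but let the handshake complete without
    # one. The accept/deny decision is then made per request (below).
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLCACertificateFile /etc/apache2/ssl/authentication_ca.crt

    # Now reachable, because a denied request is an HTTP 403, not a TLS alert.
    ErrorDocument 403 /missing_cert.html

    # Serve the error page from DocumentRoot instead of proxying it.
    # The exclusion must come before the catch-all ProxyPass.
    ProxyPass /missing_cert.html !
    ProxyPass / http://localhost:9000/
    ProxyPassReverse / http://localhost:9000/

    # Every URL requires a client certificate that verified against the CA.
    <Location "/">
        Require expr "%{SSL_CLIENT_VERIFY} == 'SUCCESS'"
    </Location>

    # The error page is the only resource available without a certificate.
    <Location "/missing_cert.html">
        Require all granted
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

Only the no-certificate case reaches the error page: a client that presents a certificate not issued by the configured CA still fails during the handshake. Because the handshake no longer enforces authentication, the `Require expr` rule is the sole gate in front of the backend and must cover every proxied path.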