Customizing error message when using certificate based authentication

Customizing error message when using certificate based authentication

by Christian Nolte-3

Hi!

I have set up certificate based authentication using

        SSLVerifyClient require

in my httpd.conf. Everything works fine but if a client does not have a
valid certificate Firefox gives an obscure error message:

        "www.example.com has received an incorrect or unexpected message. Error
Code: -12227"

Is there a way to give the client a normal error page, like e.g. for 404
errors?

Best regards!
Christian

--
For more than 4 generations the IT Professionals were the guardians
of quality and stability in software. Before the dark times.
Before Microsoft...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@...
Automated List Manager                            majordomo@...

Re: Customizing error message when using certificate based authentication

by Roy Keene-4

Christian Nolte wrote:

> Hi!
>
> I have set up certificate based authentication using
>
> SSLVerifyClient require
>
> in my httpd.conf. Everything works fine but if a client does not have a
> valid certificate Firefox gives an obscure error message:
>
> "www.example.com has received an incorrect or unexpected message. Error
> Code: -12227"
>
> Is there a way to give the client a normal error page, like e.g. for 404
> errors?
>
> Best regards!
> Christian
>
> --
> For more than 4 generations the IT Professionals were the guardians
> of quality and stability in software. Before the dark times.
> Before Microsoft...


II. Tricks
    1. Redirect all HTTP requests to HTTPS
         a. Load mod_rewrite  (see:
            http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
         b. Add the following rule to your non-HTTPS server configuration
            (httpd.conf):
                 # Require HTTPS
                 RewriteEngine on
                 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [redirect=permanent]

    2. Redirect all requests that fail to authenticate to an error page
         a. Load mod_rewrite  (see:
            http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html )
         b. Add the following rule to your HTTPS server configuration
            (mod_ssl.conf):
                 i. Apache 1.3.x: (NOTE:  Internet Explorer does not work
                    correctly with Apache 1.3.x and mod_ssl when SSLVerifyClient
                    is set to anything except "none")
                         # Redirect client-verification-failures to a specific
                         # page.
                         RewriteEngine on
                         RewriteCond %{SSL_CLIENT_VERIFY} !^SUCCESS$
                         RewriteRule . /error-pages/pki/pki-invalid.html [last]
                 ii. Apache 2.2.x:
                         # Redirect client-verification-failures to a specific
                         # page.
                         RewriteEngine on
                         RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
                         RewriteRule . /error-pages/pki/pki-invalid.html [last]
         c. Change "SSLVerifyClient" to "optional" (NOTE:  Internet Explorer
            does not work correctly with Apache 1.3.x and mod_ssl when
            SSLVerifyClient is set to anything except "none")
                 SSLVerifyClient optional

--
        Roy Keene (Contractor)
        Office of Network Management (Code 7030.8)
        Naval Research Laboratory
        Stennis Space Center, MS 39529
        DSN 828-4827
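
Added example, not part of the original posts: once SSLVerifyClient is changed to "optional", the TLS handshake no longer turns away clients without a certificate, so the RewriteCond on SSL_CLIENT_VERIFY is the only thing keeping them out, and mod_rewrite settings are not inherited by virtual hosts. The Python check below flags virtual hosts that accept unverified clients but lack that rule. The function names and the a.example/b.example hosts are assumptions made for illustration, and only directives placed directly at server or <VirtualHost> level are considered.

```python
import re

SOFT = {"optional", "optional_no_ca"}  # handshake completes without a verified cert
GUARD = re.compile(r"RewriteCond\s+%\{(SSL:)?SSL_CLIENT_VERIFY\}\s+!\^SUCCESS\$", re.I)

def split_blocks(conf):
    """Group directives per <VirtualHost>; everything else lands in '(global)'."""
    blocks, cur = {}, "(global)"
    for line in (l.strip() for l in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = opened.group(1).strip()
            blocks.setdefault(cur, [])
        elif line.lower() == "</virtualhost>":
            cur = "(global)"
        elif line and not line.startswith("#"):
            blocks.setdefault(cur, []).append(line)
    return blocks

def verify_mode(directives, inherited=None):
    """Last SSLVerifyClient value in the block, else the inherited server-wide one."""
    modes = [d.split()[1].lower() for d in directives
             if re.match(r"SSLVerifyClient\s+\S", d, re.I)]
    return modes[-1] if modes else inherited

def has_guard(directives):
    """RewriteEngine on, plus the SSL_CLIENT_VERIFY cond directly before a RewriteRule."""
    engine_on = any(re.fullmatch(r"RewriteEngine\s+on", d, re.I) for d in directives)
    return engine_on and any(bool(GUARD.match(a)) and b.lower().startswith("rewriterule")
                             for a, b in zip(directives, directives[1:]))

def audit(conf):
    """Names of vhosts that admit unverified clients and lack the guard rule."""
    blocks = split_blocks(conf)
    server_wide = verify_mode(blocks.get("(global)", []))
    return sorted(n for n, d in blocks.items() if n != "(global)"
                  and verify_mode(d, server_wide) in SOFT and not has_guard(d))

# Constructed sample: only the first vhost follows the recipe from the post.
SAMPLE = """
<VirtualHost a.example:443>
  SSLVerifyClient optional
  RewriteEngine on
  RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
  RewriteRule . /error-pages/pki/pki-invalid.html [last]
</VirtualHost>
<VirtualHost b.example:443>
  SSLVerifyClient optional
</VirtualHost>
"""
```

audit(SAMPLE) returns the names of the hosts to fix; a guard condition separated from its RewriteRule by other directives is reported as missing, which errs on the side of a manual look.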
