The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Client Authentication on port 2096 What for?

Discussion in 'General Discussion' started by ozzi4648, Dec 21, 2002.

  1. ozzi4648

    ozzi4648 Guest

    Evertime one of our users connects to port 2086 for webmail our servers asks them to supply a personal certificate. This is not correct! Here is the email i got back from Darren

    Hello,

    I checked with Nick, the head cpanel developer about this as I've seen a couple other tickets in the system about the same thing. The cause of the empty box is the intermeddiate certificate, currently it's a bug in the way stunnel handles certificate authority chains and the only thing you can do is finalise the cert or click &ok& and move on.

    Thanks,
    Darren


    This is not correct! and does not seem to be a stunnel problem at all.

    The only reason that box comes up is because Apache is looking for client certs (Apache is asking the client to supply a personal security certificate from their own machine).

    And obviously there is no reason for Apache to be asking for this from me or my users, because we never supply a cert to it, we simply click okay with no cert selected, and still we get through to the webmail.

    This means that Apache isn't asking for personal certs for any particular reason and this shouldn't be enabled.

    And the main problem I'm having as it says in the title of this ticket, &Macs can't get to SSL webmail&, is that when Macs are asked to supply a personal certificate, IE just fails.

    My contention is that there is a way to turn off the client cert authorization.
    Because it shouldn't be there anyway!

    So you need to find out what is placing
    SSLVerifyClient
    as an authorization directive on this particular folder and get rid of it.

    It could be in a .htaccess, a .sslaccess, the httpd.conf directory declaration for that folder, or whatever handles that port number 2096, if I would have to guess.
     
  2. indiboi

    indiboi Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Noticed the same problem with mac ie on os x using 2083... other browsers handle it fine.
     
Loading...

Share This Page