[Mono-dev] mod_mono and client certificates - no worky?

Jay Miller jnmiller at cryptofreak.org
Mon Mar 10 15:08:56 EDT 2008

Hello.  I'm sure I'm just missing something silly, but I can't seem to
get any client certificate information from Apache.  My server is set
to require client certificates using "SSLVerifyClient require".  I
have self-signed CA and client/server certificates set up.

For testing, I'm using the ASP.NET example found here:


When I attempt to take a vanilla host to my test page, Apache denies
me.  When I add my client certificate to Firefox and attempt the test
page again, Apache lets me through.  My client certificate is shown in
the Apache debug output:

  ssl_engine_kernel.c(1190): Certificate Verification: depth: 0,
subject: /CN=test, issuer:  ...
  ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished

However, the test page does not appear to have the client certificate
because I see, "Hello from an secure session. But who are you ?"

I've tried adding a bit more code to the test page and found that
Request.ServerVariables does not contain the flags necessary to
indicate a client certificate is present:

  Value 0: 0

It seems as though mod_mono isn't receiving (or passing on) all of the
connection info, or something.  Does anyone have any ideas on some
things I might have missed in my setup?  I'd be grateful for any help!

Thank you in advance!

Jay Miller
PGP Fingerprint | 5f7adbbe bfc60727 96dca94c 616d5080 09e3e846

More information about the Mono-devel-list mailing list